HIGH✓ PATCH🇵🇱 Wersja polska

CVE-2024-8178

CVSS 8.8v3.1pub. 2024-09-05upd. 2025-11-04

The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Freebsd

    OS
    Freebsd
    13.313.414.014.113.0 – 13.3 (bez)
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
RCE
CWE
References

Related vulnerabilities

CVE-2024-43102CRITICAL10.0PL ✓ten sam produkt

FreeBSD UMTX_SHM_DESTROY: use-after-free umożliwiający RCE lub ucieczkę z sandboxa

CVE-2024-29937CRITICAL9.8PL ✓ten sam produkt

RCE w implementacji NFS w OpenBSD i FreeBSD — zdalne wykonanie kodu

CVE-2022-23088CRITICAL9.8PL ✓ten sam produkt

FreeBSD: przepełnienie bufora w obsłudze beacon 802.11s prowadzące do RCE

CVE-2023-5941CRITICAL9.8ten sam produkt

In versions of FreeBSD 12.4-RELEASE prior to 12.4-RELEASE-p7 and FreeBSD 13.2-RELEASE prior to 13.2-RELEASE-p5...

CVE-2023-3326CRITICAL9.8ten sam produkt

pam_krb5 authenticates a user by essentially running kinit with the password, getting a ticket-granting ticket...