An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.
2024-09-05T05:15:13.433
2024-11-21T09:15:25.913
Modified
CVSSv3.1: 8.2 (HIGH)
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Operating System | freebsd | freebsd | < 13.3 | Yes |
| Operating System | freebsd | freebsd | 13.3 | Yes |
| Operating System | freebsd | freebsd | 13.3 | Yes |
| Operating System | freebsd | freebsd | 13.3 | Yes |
| Operating System | freebsd | freebsd | 13.3 | Yes |
| Operating System | freebsd | freebsd | 13.3 | Yes |
| Operating System | freebsd | freebsd | 13.3 | Yes |
| Operating System | freebsd | freebsd | 13.4 | Yes |
| Operating System | freebsd | freebsd | 14.0 | Yes |
| Operating System | freebsd | freebsd | 14.0 | Yes |
| Operating System | freebsd | freebsd | 14.0 | Yes |
| Operating System | freebsd | freebsd | 14.0 | Yes |
| Operating System | freebsd | freebsd | 14.0 | Yes |
| Operating System | freebsd | freebsd | 14.0 | Yes |
| Operating System | freebsd | freebsd | 14.0 | Yes |
| Operating System | freebsd | freebsd | 14.0 | Yes |
| Operating System | freebsd | freebsd | 14.0 | Yes |
| Operating System | freebsd | freebsd | 14.0 | Yes |
| Operating System | freebsd | freebsd | 14.0 | Yes |
| Operating System | freebsd | freebsd | 14.0 | Yes |
| Operating System | freebsd | freebsd | 14.0 | Yes |
| Operating System | freebsd | freebsd | 14.1 | Yes |
| Operating System | freebsd | freebsd | 14.1 | Yes |
| Operating System | freebsd | freebsd | 14.1 | Yes |
| Operating System | freebsd | freebsd | 14.1 | Yes |