CVE-2024-42416

Опубликовано: 05 сент. 2024

Источник: nvd

CVSS3: 8.8

CVSS3: 8.4

EPSS Низкий

Описание

The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory.

Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*

Версия от 13.0 (включая) до 13.3 (исключая)

cpe:2.3:o:freebsd:freebsd:13.3:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.4:beta3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p9:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.1:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.1:p3:*:*:*:*:*:*

EPSS

Процентиль: 77%

0.01002

Низкий

8.8 High

CVSS3

8.4 High

CVSS3

Дефекты

CWE-790

CWE-1284

Связанные уязвимости

GHSA-hgfp-qxpq-6q7w

CVSS3: 8.4

github

больше 1 года назад

The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

BDU:2024-10179

CVSS3: 8.8

fstec

больше 1 года назад

Уязвимость функции ctl_report_supported_opcodes() подсистемы ctl операционных систем FreeBSD, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 77%

0.01002

Низкий

8.8 High

CVSS3

8.4 High

CVSS3

Дефекты

CWE-790

CWE-1284