CVE-2024-43110

Опубликовано: 05 сент. 2024

Источник: nvd

CVSS3: 8.8

CVSS3: 8.4

EPSS Низкий

Описание

The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace.

Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*

Версия от 13.0 (включая) до 13.3 (исключая)

cpe:2.3:o:freebsd:freebsd:13.3:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.4:beta3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p9:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.1:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.1:p3:*:*:*:*:*:*

EPSS

Процентиль: 85%

0.02671

Низкий

8.8 High

CVSS3

8.4 High

CVSS3

Дефекты

CWE-125

Связанные уязвимости

GHSA-r58j-7299-f87q

CVSS3: 8.4

github

больше 1 года назад

The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

BDU:2024-10177

CVSS3: 8.4

fstec

больше 1 года назад

Уязвимость функции ctl_request_sense() подсистемы ctl операционных систем FreeBSD, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 85%

0.02671

Низкий

8.8 High

CVSS3

8.4 High

CVSS3

Дефекты

CWE-125