CVE-2024-8178

Опубликовано: 05 сент. 2024

Источник: nvd

CVSS3: 8.8

CVSS3: 9.3

EPSS Низкий

Описание

The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it.

Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*

Версия от 13.0 (включая) до 13.3 (исключая)

cpe:2.3:o:freebsd:freebsd:13.3:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.3:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:13.4:beta3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:p9:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.1:-:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:*

cpe:2.3:o:freebsd:freebsd:14.1:p3:*:*:*:*:*:*

EPSS

Процентиль: 86%

0.02959

Низкий

8.8 High

CVSS3

9.3 Critical

CVSS3

Дефекты

CWE-908

CWE-909

Связанные уязвимости

GHSA-9qxr-9qr6-7x7w

CVSS3: 8.8

github

больше 1 года назад

The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

BDU:2024-10178

CVSS3: 9.3

fstec

больше 1 года назад

Уязвимость функций ctl_write_buffer() и ctl_read_buffer() подсистемы ctl операционных систем FreeBSD, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 86%

0.02959

Низкий

8.8 High

CVSS3

9.3 Critical

CVSS3

Дефекты

CWE-908

CWE-909