Unrated severityNVD Advisory· Published Mar 14, 2020· Updated Aug 4, 2024
CVE-2020-10565
CVE-2020-10565
Description
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- grub2-bhyve/grub2-bhyvedescription
- Range: < 2020-02-12 (svn revision 525916)
Patches
Vulnerability mechanics
References
1- svnweb.freebsd.org/portsmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.