VYPR
Unrated severityNVD Advisory· Published Mar 14, 2020· Updated Aug 4, 2024

CVE-2020-10565

CVE-2020-10565

Description

grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • grub2-bhyve/grub2-bhyvedescription
  • Range: < 2020-02-12 (svn revision 525916)

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.