CVE-2024-39281
Description
The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unbounded memory allocation in FreeBSD's ctl subsystem allows a malicious guest to trigger a denial of service on the host.
Description
The ctl_persistent_reserve_out command in FreeBSD's CAM Target Layer (ctl) allows a caller to specify an arbitrary size that is passed directly to the kernel's memory allocator without validation [1]. This unbounded allocation can exhaust kernel memory resources.
Exploitation
A malicious guest VM using virtio_scsi or an attacker with access to the iSCSI target daemon (ctld) can send a crafted SCSI command with a large allocation size [1]. No authentication is required beyond the ability to issue SCSI commands to the target.
Impact
Successful exploitation causes a denial of service (DoS) on the host system by consuming all available kernel memory, potentially crashing the host or making it unresponsive [1].
Mitigation
FreeBSD has released patches for all supported versions (stable/14, releng/14.1, stable/13, releng/13.4, releng/13.3) [1]. Systems not using virtio_scsi or ctld are not affected. No workaround is available; upgrading and rebooting is required.
AI Insight generated on May 20, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2News mentions
0No linked articles in our index yet.