Multiple issues in ctl(4) CAM Target Layer
Description
The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it.
Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
FreeBSD ctl(4) SCSI target layer has an uninitialized memory disclosure in ctl_write_buffer/ctl_read_buffer, exploitable from guests or iSCSI initiators.
Vulnerability
CVE-2024-8178 is an uninitialized memory disclosure vulnerability in the FreeBSD ctl(4) CAM Target Layer. The ctl_write_buffer and ctl_read_buffer functions allocate memory to be returned to userspace without initializing it, potentially leaking sensitive kernel heap contents. All supported versions of FreeBSD are affected; the vulnerability was corrected in stable/14, releng/14.1, releng/14.0, stable/13, releng/13.4, and releng/13.3 branches on 2024-09-04 [1].
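The allocation pattern behind this bug, modelled as an added userspace C example rather than ctl(4) code: a constructed arena stands in for the kernel heap, the `zero` flag of the hypothetical `arena_alloc` stands in for FreeBSD's `M_ZERO`, and `dev_buf`, `read_buffer_vulnerable` and `read_buffer_fixed` are stand-in names, not the driver's own functions.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins (not ctl(4) code): a tiny arena playing the role of
 * the kernel heap, pre-filled with "stale" bytes from earlier use, and a
 * 16-byte device buffer that a READ BUFFER command returns. */
#define ARENA_LEN 64
#define DEV_BUF_LEN 16
static uint8_t arena[ARENA_LEN];
static const uint8_t dev_buf[DEV_BUF_LEN] = "0123456789abcdef";

/* Reset the arena to a known stale state (0xAA everywhere). */
void arena_reset(void) { memset(arena, 0xAA, sizeof arena); }

/* Minimal allocator; `zero` models FreeBSD's M_ZERO flag. */
static uint8_t *arena_alloc(size_t len, int zero) {
    if (len > ARENA_LEN) return NULL;
    if (zero) memset(arena, 0, len);
    return arena;
}

/* Vulnerable shape: reply sized by the initiator's requested length,
 * only the device data copied in, the remainder left as the heap had it. */
uint8_t *read_buffer_vulnerable(size_t req_len) {
    uint8_t *reply = arena_alloc(req_len, 0);
    if (reply == NULL) return NULL;
    size_t n = req_len < DEV_BUF_LEN ? req_len : DEV_BUF_LEN;
    memcpy(reply, dev_buf, n);
    return reply;          /* all req_len bytes handed back; tail is stale */
}

/* Hardened shape: zeroed allocation, so the tail past the valid data is
 * all zeros regardless of what the heap held before. */
uint8_t *read_buffer_fixed(size_t req_len) {
    uint8_t *reply = arena_alloc(req_len, 1);
    if (reply == NULL) return NULL;
    size_t n = req_len < DEV_BUF_LEN ? req_len : DEV_BUF_LEN;
    memcpy(reply, dev_buf, n);
    return reply;
}

/* Count bytes in reply[valid..len) that are not zero: a non-zero count is
 * the uninitialized-memory disclosure the advisory describes. */
size_t stale_tail_bytes(const uint8_t *reply, size_t len, size_t valid) {
    size_t count = 0;
    for (size_t i = valid; i < len; i++) count += reply[i] != 0;
    return count;
}
```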
Exploitation
An attacker requires the ability to interact with the ctl subsystem. In a bhyve(8) hypervisor scenario, malicious software running in a guest VM that exposes virtio_scsi can trigger the vulnerability to leak kernel heap data back to the guest. Alternatively, a malicious iSCSI initiator can exploit the vulnerability against a FreeBSD iSCSI target (`ctld`) to leak memory over the network. No special privilege beyond the ability to send SCSI commands is needed; the vulnerable code paths are reachable by any SCSI initiator [1].
Impact
Successful exploitation results in the disclosure of uninitialized kernel heap memory to the attacker. The leaked memory may contain sensitive information such as kernel pointers, credentials, or other data that could facilitate further attacks. In a bhyve(8) context, the disclosure occurs within the bhyve userspace process, which runs as root but is constrained by a Capsicum sandbox. The vulnerability alone does not directly provide code execution, but the leaked information can be used to bypass mitigations (e.g., ASLR) and enable follow-on exploitation [1].
Mitigation
FreeBSD has released patches for all supported branches: update to 14.1-RELEASE-p4, 14.0-RELEASE-p10, 13.4-RC2-p1, 13.3-RELEASE-p6, or later versions of the respective stable branches. System administrators should apply the security update as soon as possible. No workarounds are currently documented. The vulnerability is listed in the CVE database as CVE-2024-8178 and is part of a set of bugs addressed in FreeBSD-SA-24:11.ctl [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products: 2
Patches: 0
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
[1] https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc (MITRE, vendor advisory)
News mentions: 0
No linked articles in our index yet.