bhyve
by FreeBSD
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2016-1889 | | High | 0.51 | 7.8 | 0.00 | | Feb 15, 2017 | Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor. |
| CVE-2024-51566 | | Med | 0.42 | 6.5 | 0.00 | | Nov 12, 2024 | The NVMe driver queue processing is vulnerable to guest-induced infinite loops. |
| CVE-2024-51565 | | Med | 0.42 | 6.5 | 0.00 | | Nov 12, 2024 | The hda driver is vulnerable to a buffer over-read from a guest-controlled value. |
| CVE-2024-51563 | | Med | 0.42 | 6.5 | 0.00 | | Nov 12, 2024 | The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition. |
| CVE-2024-51562 | | Med | 0.42 | 6.5 | 0.00 | | Nov 12, 2024 | The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over-read from a guest-controlled value. |
| CVE-2024-45063 | | | 0.01 | — | 0.07 | | Sep 5, 2024 | The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the… |
| CVE-2024-32668 | | | 0.00 | — | 0.00 | | Sep 5, 2024 | An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve… |
| CVE-2024-8178 | | | 0.00 | — | 0.03 | | Sep 5, 2024 | The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve… |
| CVE-2022-23087 | | | 0.00 | — | 0.00 | | Feb 15, 2024 | The e1000 network adapters permit a variety of modifications to an Ethernet packet when it is being transmitted. These include the insertion of IP and TCP checksums, insertion of an Ethernet VLAN header, and TCP segmentation offload ("TSO"). The e1000 device model uses an… |
| CVE-2023-3494 | | | 0.00 | — | 0.00 | | Aug 1, 2023 | The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer… |
| CVE-2018-17160 | | | 0.00 | — | 0.01 | | Dec 4, 2018 | In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a… |