CVE-2024-32668
CVSS V2 None
CVSS V3 None
Description
An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller.
A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.
Overview
- CVE ID
- CVE-2024-32668
- Assigner
- freebsd
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-09-05T04:42:25.457Z
- Last Modified Date
- 2024-09-05T04:42:25.457Z
Weakness Enumerations
References
Reference URL | Reference Tags |
---|---|
https://security.freebsd.org/advisories/FreeBSD-SA-24:12.bhyve.asc | vendor-advisory |
Sources
Source Name | Source URL |
---|---|
NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-32668 |
MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-32668 |
History
Created | Old Value | New Value | Data Type | Notes |
---|---|---|---|---|
2024-09-05 13:12:13 | Added to TrackCVE |