CVE-2024-32668

CVSS V2 None CVSS V3 None
Description
An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.
Overview
  • CVE ID
  • CVE-2024-32668
  • Assigner
  • freebsd
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-09-05T04:42:25.457Z
  • Last Modified Date
  • 2024-09-05T04:42:25.457Z
References
Reference URL Reference Tags
https://security.freebsd.org/advisories/FreeBSD-SA-24:12.bhyve.asc vendor-advisory
History
Created Old Value New Value Data Type Notes
2024-09-05 13:12:13 Added to TrackCVE