CVE-2024-41928

CVSS V2 None CVSS V3 None
Description
Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.
Overview
  • CVE ID
  • CVE-2024-41928
  • Assigner
  • freebsd
  • Vulnerability Status
  • PUBLISHED
  • Published Version
  • 2024-09-05T03:32:56.561Z
  • Last Modified Date
  • 2024-09-05T03:32:56.561Z
References
Reference URL Reference Tags
https://security.freebsd.org/advisories/FreeBSD-SA-24:10.bhyve.asc vendor-advisory
History
Created Old Value New Value Data Type Notes
2024-09-05 13:06:42 Added to TrackCVE