CVE-2024-41928
Vulnerability from cvelistv5
Published: 2024-09-05 03:32
Modified: 2024-09-20 16:03
Summary
Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.
References
- https://security.freebsd.org/advisories/FreeBSD-SA-24:10.bhyve.asc (vendor-advisory)
- https://security.netapp.com/advisory/ntap-20240920-0009/

Impacted products
Vendor | Product | Module | Affected versions |
---|---|---|---|
FreeBSD | FreeBSD | bhyve | 14.1-RELEASE before p4 |
FreeBSD | FreeBSD | bhyve | 14.0-RELEASE before p10 |

CVE record (cvelistv5, data version 5.1)
- Title: bhyve(8) privileged guest escape via TPM device passthrough
- State: PUBLISHED
- Assigner (CNA): freebsd
- Date reserved: 2024-08-27T16:30:55.953Z
- Date public: 2024-09-04T23:37:00.000Z
- Date published: 2024-09-05T03:32:56.561Z
- Date updated: 2024-09-20T16:03:10.182Z
- Problem types: CWE-125 Out-of-bounds Read; CWE-787 Out-of-bounds Write; CWE-1285 Improper Validation of Specified Index, Position, or Offset in Input
- Credits: Synacktiv (finder); The FreeBSD Foundation (sponsor); The Alpha-Omega Project (sponsor)
- CVSS v3.1 (CISA ADP Vulnrichment): 8.4 HIGH, CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- SSVC (CISA Coordinator, version 2.0.3, 2024-09-05T13:13:31.173172Z): Exploitation: none; Automatable: no; Technical Impact: total
- CISA ADP affected entry: cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*, version 14.1 before 14.1_p4 and version 14.0 before 14.0_p10 (defaultStatus: unknown)
- NVD: source secteam@freebsd.org; status "Awaiting Analysis"; published 2024-09-05T04:15:06.947; last modified 2024-11-21T09:33:17.773; exploitabilityScore 2.5; impactScore 5.9
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.