FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer

Affected packages
14.1 <= FreeBSD-kernel < 14.1_6
13.4 <= FreeBSD-kernel < 13.4_2
13.3 <= FreeBSD-kernel < 13.3_8

Details

VuXML ID 8caa5d60-a174-11ef-9a62-002590c1f29c
Discovery 2024-10-29
Entry 2024-11-13

Problem Description:

The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator.

Impact:

A malicious guest could cause a Denial of Service (DoS) on the host.

References

CVE Name CVE-2024-39281
FreeBSD Advisory SA-24:18.ctl
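
To check a host against the affected ranges listed above, the following shell function is an added example, not part of the VuXML entry or the FreeBSD advisory. It assumes the usual mapping of a VuXML version such as `14.1_6` to the `freebsd-version` string `14.1-RELEASE-p6`; the function name and the status strings are illustrative.

```shell
#!/bin/sh
# Added example: classify a FreeBSD kernel version string against the
# affected ranges on this page. Function name and output words are hypothetical.

# "<release branch> <first fixed patch level>", taken from "Affected packages".
FIXED_LEVELS="14.1 6
13.4 2
13.3 8"

# Prints "affected", "patched" or "not-listed" for a string such as
# "14.1-RELEASE-p5". "not-listed" means the page gives no range for it.
ctl_unbounded_alloc_status() {
    ver=$1
    branch=${ver%%-*}                        # "14.1-RELEASE-p5" -> "14.1"
    case $ver in
        *-RELEASE-p*) plevel=${ver##*-p} ;;  # "14.1-RELEASE-p5" -> "5"
        *-RELEASE)    plevel=0 ;;            # unpatched release
        *)            echo "not-listed"; return 0 ;;  # e.g. STABLE, CURRENT
    esac
    case $plevel in
        ''|*[!0-9]*) echo "not-listed"; return 0 ;;   # malformed patch level
    esac
    fixed=""
    while read -r b lvl; do
        # String comparison, so "14.10" is never confused with "14.1".
        if [ "$b" = "$branch" ]; then fixed=$lvl; fi
    done <<EOF
$FIXED_LEVELS
EOF
    if [ -z "$fixed" ]; then
        echo "not-listed"
    elif [ "$plevel" -lt "$fixed" ]; then
        echo "affected"
    else
        echo "patched"
    fi
    return 0
}

# On a FreeBSD host, report on the installed kernel.
if command -v freebsd-version >/dev/null 2>&1; then
    ctl_unbounded_alloc_status "$(freebsd-version -k)"
fi
```
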