FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Unbounded allocation in ctl(4) CAM Target Layer

Affected packages
14.1	<=	FreeBSD-kernel	<	14.1_6
13.4	<=	FreeBSD-kernel	<	13.4_2
13.3	<=	FreeBSD-kernel	<	13.3_8

Details

VuXML ID	8caa5d60-a174-11ef-9a62-002590c1f29c
Discovery	2024-10-29
Entry	2024-11-13

Problem Description:

The command ctl_persistent_reserve_out allows the caller to specify an arbitrary size which will be passed to the kernel's memory allocator.

Impact:

A malicious guest could cause a Denial of Service (DoS) on the host.

References

CVE Name	CVE-2024-39281
FreeBSD Advisory	SA-24:18.ctl

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.