FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Multiple issues in the bhyve hypervisor

Affected packages
14.1 <= FreeBSD < 14.1_6
13.4 <= FreeBSD < 13.4_2
13.3 <= FreeBSD < 13.3_8

Details

VuXML ID eb5c615d-a173-11ef-9a62-002590c1f29c
Discovery 2024-10-29
Entry 2024-11-13

Problem Description:

Several vulnerabilities were found in the bhyve hypervisor's device models.

The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over- read from a guest-controlled value. (CVE-2024-51562)

The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition. (CVE-2024-51563)

A guest can trigger an infinite loop in the hda audio driver. (CVE-2024-51564)

The hda driver is vulnerable to a buffer over-read from a guest-controlled value. (CVE-2024-51565)

The NVMe driver queue processing is vulernable to guest-induced infinite loops. (CVE-2024-51566)

Impact:

Malicious guest virtual machines may be able to perform a denial of service (DoS) of the bhyve host, and may read memory within the bhyve process that they should not be able to access.

References

CVE Name CVE-2024-51562
CVE Name CVE-2024-51563
CVE Name CVE-2024-51564
CVE Name CVE-2024-51565
CVE Name CVE-2024-51566
FreeBSD Advisory SA-24:17.bhyve