Problem Description:
Several vulnerabilities were found in the bhyve hypervisor's
device models.
The NVMe driver function nvme_opc_get_log_page is vulnerable to a
buffer over-read from a guest-controlled value. (CVE-2024-51562)
The virtio_vq_recordon function is subject to a time-of-check to
time-of-use (TOCTOU) race condition. (CVE-2024-51563)
A guest can trigger an infinite loop in the hda audio driver.
(CVE-2024-51564)
The hda driver is vulnerable to a buffer over-read from a
guest-controlled value. (CVE-2024-51565)
The NVMe driver queue processing is vulnerable to guest-induced
infinite loops. (CVE-2024-51566)
Impact:
Malicious guest virtual machines may be able to perform a denial
of service (DoS) of the bhyve host, and may read memory within the
bhyve process that they should not be able to access.