FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Bhyve out-of-bounds read in XHCI device

Affected packages
12.0	<=	FreeBSD-kernel	<	12.0_8
11.2	<=	FreeBSD-kernel	<	11.2_12
11.3	<=	FreeBSD-kernel	<	11.3_1

Details

VuXML ID	edf064fb-b30b-11e9-a87f-a4badb2f4699
Discovery	2019-07-24
Entry	2019-07-30

Problem Description:

The pci_xhci_device_doorbell() function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read.

Impact:

A misbehaving bhyve guest could crash the system or access memory that it should not be able to.

References

CVE Name	CVE-2019-5604
FreeBSD Advisory	SA-19:16.bhyve

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.