FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-29 07:54:42 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a6d5d4c1-0564-11ec-b69d-4062311215d5FreeBSD -- Missing error handling in bhyve(8) device models

Problem Description:

Certain VirtIO-based device models failed to handle errors when fetching I/O descriptors. Such errors could be triggered by a malicious guest. As a result, the device model code could be tricked into operating on uninitialized I/O vectors, leading to memory corruption.

Impact:

A malicious guest may be able to crash the bhyve process. It may be possible to exploit the memory corruption bugs to achieve arbitrary code execution in the bhyve process.


Discovery 2021-08-24
Entry 2021-08-25
FreeBSD
ge 13.0 lt 13.0_4

ge 12.2 lt 12.2_10

ge 11.4 lt 11.4_13

CVE-2021-29631
SA-21:13.bhyve