CVE-2024-42416

Summary

The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory.

Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

Affected Software

VendorProductVersion RangeStatus
FreeBSDFreeBSD14.1-RELEASE < p4affected
FreeBSDFreeBSD14.0-RELEASE < p10affected
FreeBSDFreeBSD13.3-RELEASE < p6affected

Weaknesses

  • CWE-790: CWE-790 Improper Filtering of Special Elements
  • CWE-823: CWE-823 Use of Out-of-range Pointer Offset

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

CVE Program Container

Additional References

References