USB Code Vulnerability Could Lead to Remote Code Execution
CVE-2024-41721

Currently unrated

Key Information:

Vendor: FreeBSD
Status: FreeBSD
Vendor: CVE Published:; 20 September 2024

What is CVE-2024-41721?

An insufficient boundary validation in the USB code could lead to an out-of-bounds read on the heap, which could potentially lead to an arbitrary write and remote code execution.

Affected Version(s)

FreeBSD 14.1-RELEASE

FreeBSD 14.0-RELEASE

FreeBSD 13.4-RELEASE

References

https://security.freebsd.org/advisories/FreeBSD-SA-24:15....

vendor-advisory

Timeline

Vulnerability published
Sep 20, 2024
Vulnerability Reserved
Aug 27, 2024

Credit

Synacktiv

The FreeBSD Foundation

The Alpha-Omega Project