Buffer Over-Read Vulnerability in FreeBSD NVMe Driver
CVE-2024-51562

6.5MEDIUM

Key Information:

Vendor: FreeBSD
Status: FreeBSD
Vendor: CVE Published:; 12 November 2024

What is CVE-2024-51562?

The NVMe driver in FreeBSD is susceptible to a buffer over-read issue due to mishandling of input from guest-controlled values in the nvme_opc_get_log_page function. This vulnerability could allow attackers to read unintended memory areas, potentially exposing sensitive data and compromising system integrity. It is crucial for users and administrators to apply appropriate mitigations to safeguard their systems against exploitation.

Affected Version(s)

FreeBSD 14.1-RELEASE

FreeBSD 13.4-RELEASE

FreeBSD 13.3-RELEASE

References

https://security.freebsd.org/advisories/FreeBSD-SA-24:17....

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 12, 2024

JSON