Buffer Over-Read Vulnerability in FreeBSD NVMe Driver
CVE-2024-51562

6.5MEDIUM

Key Information:

Vendor: FreeBSD
Status: FreeBSD
Vendor: CVE Published:; 12 November 2024

What is CVE-2024-51562?

The NVMe driver in FreeBSD is susceptible to a buffer over-read issue due to mishandling of input from guest-controlled values in the nvme_opc_get_log_page function. This vulnerability could allow attackers to read unintended memory areas, potentially exposing sensitive data and compromising system integrity. It is crucial for users and administrators to apply appropriate mitigations to safeguard their systems against exploitation.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

FreeBSD 14.1-RELEASE

FreeBSD 13.4-RELEASE

FreeBSD 13.3-RELEASE

References

https://security.freebsd.org/advisories/FreeBSD-SA-24:17....

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 12, 2024

JSON

FreeBSD

What is CVE-2024-51562?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.