Time-of-Check to Time-of-Use Race Condition in FreeBSD Bhyve Virtual Machine Monitor
CVE-2024-51563

Currently unrated

Key Information:

Vendor: FreeBSD
Status: Bhyve Virtual Machine Monitor
Vendor: CVE Published:; 12 November 2024

What is CVE-2024-51563?

A vulnerability exists in the virtio_vq_recordon function of the FreeBSD Bhyve virtual machine monitor. This flaw is characterized by a time-of-check to time-of-use (TOCTOU) race condition, which may be exploited in scenarios where an attacker can manipulate the timing between operations, potentially leading to unexpected behavior. Systems utilizing Bhyve for virtualization could be at risk of integrity violations, making it essential for administrators to ensure their environments are properly secured against such timing attacks.

References

https://security.freebsd.org/advisories/FreeBSD-SA-24:17....

Timeline

Vulnerability published
Nov 12, 2024