Malicious Code Execution in Bhyve Userspace via Uninitialized Memory Allocation
CVE-2024-8178

8.8 HIGH

Key Information:

Vendor:
FreeBSD

Status:
Vendor

CVE Published:
5 September 2024

What is CVE-2024-8178?

The vulnerability arises from the ctl_write_buffer and ctl_read_buffer functions in the FreeBSD operating system, which allocate memory for use by userspace without initializing it. Malicious software running inside a guest virtual machine can read the stale contents of that uninitialized memory and, by exploiting this flaw, could execute arbitrary code on the host within the bhyve userspace process, which usually runs as root. bhyve is sandboxed with Capsicum, which limits what the process can do, but the risk remains significant; in addition, a malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

Affected Version(s)

FreeBSD 14.1-RELEASE

FreeBSD 14.0-RELEASE

FreeBSD 13.3-RELEASE

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Synacktiv
The FreeBSD Foundation
The Alpha-Omega Project