FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
2c5b9cd7-f7e6-11ea-88f8-901b0ef719ab	FreeBSD -- bhyve privilege escalation via VMCS access Problem Description: AMD and Intel CPUs support hardware virtualization using specialized data structures that control various aspects of guest operation. These are the Virtual Machine Control Structure (VMCS) on Intel CPUs, and the Virtual Machine Control Block (VMCB) on AMD CPUs. Insufficient access controls allow root users, including those running in a jail, to change these data structures. Impact: An attacker with host root access (including to a jailed bhyve instance) can use this vulnerability to achieve kernel code execution. Discovery 2020-09-15 Entry 2020-09-16 FreeBSD-kernel ge 12.1 lt 12.1_10 ge 11.4 lt 11.4_4 ge 11.3 lt 11.3_14 CVE-2020-24718 SA-20:28.bhyve_vmcs

VuXML ID

Description

2c5b9cd7-f7e6-11ea-88f8-901b0ef719ab

FreeBSD -- bhyve privilege escalation via VMCS access

Problem Description:

AMD and Intel CPUs support hardware virtualization using specialized data structures that control various aspects of guest operation. These are the Virtual Machine Control Structure (VMCS) on Intel CPUs, and the Virtual Machine Control Block (VMCB) on AMD CPUs. Insufficient access controls allow root users, including those running in a jail, to change these data structures.

Impact:

An attacker with host root access (including to a jailed bhyve instance) can use this vulnerability to achieve kernel code execution.

Discovery 2020-09-15
Entry 2020-09-16
FreeBSD-kernel

ge 12.1 lt 12.1_10

ge 11.4 lt 11.4_4

ge 11.3 lt 11.3_14

CVE-2020-24718
SA-20:28.bhyve_vmcs