This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2024-04-25 11:22:49 UTC
List all Vulnerabilities, by package
List all Vulnerabilities, by date
k68These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
---|---|
2c5b9cd7-f7e6-11ea-88f8-901b0ef719ab | FreeBSD -- bhyve privilege escalation via VMCS accessProblem Description:AMD and Intel CPUs support hardware virtualization using specialized data structures that control various aspects of guest operation. These are the Virtual Machine Control Structure (VMCS) on Intel CPUs, and the Virtual Machine Control Block (VMCB) on AMD CPUs. Insufficient access controls allow root users, including those running in a jail, to change these data structures. Impact:An attacker with host root access (including to a jailed bhyve instance) can use this vulnerability to achieve kernel code execution. Discovery 2020-09-15 Entry 2020-09-16 FreeBSD-kernel ge 12.1 lt 12.1_10 ge 11.4 lt 11.4_4 ge 11.3 lt 11.3_14 CVE-2020-24718 SA-20:28.bhyve_vmcs |