FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
a6d5d4c1-0564-11ec-b69d-4062311215d5FreeBSD -- Missing error handling in bhyve(8) device models

Problem Description:

Certain VirtIO-based device models failed to handle errors when fetching I/O descriptors. Such errors could be triggered by a malicious guest. As a result, the device model code could be tricked into operating on uninitialized I/O vectors, leading to memory corruption.

Impact:

A malicious guest may be able to crash the bhyve process. It may be possible to exploit the memory corruption bugs to achieve arbitrary code execution in the bhyve process.


Discovery 2021-08-24
Entry 2021-08-25
FreeBSD
ge 13.0 lt 13.0_4

ge 12.2 lt 12.2_10

ge 11.4 lt 11.4_13

CVE-2021-29631
SA-21:13.bhyve