FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-05-09 08:42:40 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
c62285cb-cb46-11ee-b609-002590c1f29c	FreeBSD -- bhyveload(8) host file access Problem Description: `bhyveload -h ` may be used to grant loader access to the directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to , allowing the loader to read any file the host user has access to. Impact: In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root. Discovery 2024-02-14 Entry 2024-02-14 FreeBSD ge 14.0 lt 14.0_5 ge 13.2 lt 13.2_10 CVE-2024-25940 SA-24:01.bhyveload

VuXML ID

Description

c62285cb-cb46-11ee-b609-002590c1f29c

FreeBSD -- bhyveload(8) host file access

Problem Description:

`bhyveload -h ` may be used to grant loader access to the directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to , allowing the loader to read any file the host user has access to.

Impact:

In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root.

Discovery 2024-02-14
Entry 2024-02-14
FreeBSD

ge 14.0 lt 14.0_5

ge 13.2 lt 13.2_10

CVE-2024-25940
SA-24:01.bhyveload