Vulnerabilities > CVE-2020-24718 - Missing Authorization vulnerability in multiple products

047910
CVSS 8.2 - HIGH
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
HIGH
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH

Summary

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.

Vulnerable Configurations

Part Description Count
OS
Freebsd
857
OS
Omniosce
10
OS
Openindiana
15
Application
Netapp
1

Common Weakness Enumeration (CWE)