Vulnerabilities > Freebsd
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-05 | CVE-2024-32668 | Out-of-bounds Write vulnerability in Freebsd An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. | 8.2 |
| 2024-09-05 | CVE-2024-42416 | Improper Validation of Specified Quantity in Input vulnerability in Freebsd The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. | 8.8 |
| 2024-09-05 | CVE-2024-43102 | Use After Free vulnerability in Freebsd Concurrent removals of certain anonymous shared memory mappings by using the UMTX_SHM_DESTROY sub-request of UMTX_OP_SHM can lead to decreasing the reference count of the object representing the mapping too many times, causing it to be freed too early. A malicious code exercizing the UMTX_SHM_DESTROY sub-request in parallel can panic the kernel or enable further Use-After-Free attacks, potentially including code execution or Capsicum sandbox escape. | 10.0 |
| 2024-09-05 | CVE-2024-43110 | Out-of-bounds Read vulnerability in Freebsd The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. | 8.8 |
| 2024-09-05 | CVE-2024-45063 | Use After Free vulnerability in Freebsd The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. | 8.8 |
| 2024-09-05 | CVE-2024-8178 | Missing Initialization of Resource vulnerability in Freebsd The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. | 8.8 |
| 2024-09-05 | CVE-2024-45287 | Integer Overflow or Wraparound vulnerability in Freebsd A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. | 7.5 |
| 2024-08-12 | CVE-2024-6759 | Path Traversal vulnerability in Freebsd When mounting a remote filesystem using NFS, the kernel did not sanitize remotely provided filenames for the path separator character, "/". | 5.3 |
| 2024-08-12 | CVE-2024-6760 | Unspecified vulnerability in Freebsd A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database. | 7.5 |
| 2024-08-12 | CVE-2024-7589 | Race Condition vulnerability in Freebsd A signal handler in sshd(8) may call a logging function that is not async-signal-safe. | 8.1 |