Vulnerabilities > Freebsd > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-05 | CVE-2024-32668 | Out-of-bounds Write vulnerability in Freebsd An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. | 8.2 |
2024-09-05 | CVE-2024-42416 | Improper Validation of Specified Quantity in Input vulnerability in Freebsd The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. | 8.8 |
2024-09-05 | CVE-2024-43110 | Out-of-bounds Read vulnerability in Freebsd The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. | 8.8 |
2024-09-05 | CVE-2024-45063 | Use After Free vulnerability in Freebsd The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. | 8.8 |
2024-09-05 | CVE-2024-8178 | Missing Initialization of Resource vulnerability in Freebsd The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. | 8.8 |
2024-09-05 | CVE-2024-45287 | Integer Overflow or Wraparound vulnerability in Freebsd A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data. | 7.5 |
2024-08-12 | CVE-2024-6760 | Unspecified vulnerability in Freebsd A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database. | 7.5 |
2024-08-12 | CVE-2024-7589 | Race Condition vulnerability in Freebsd A signal handler in sshd(8) may call a logging function that is not async-signal-safe. | 8.1 |
2024-07-01 | CVE-2024-6387 | Race Condition vulnerability in multiple products A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). | 8.1 |
2024-02-15 | CVE-2022-23084 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Freebsd The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin. | 7.5 |