Vulnerabilities > Freebsd > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-05 CVE-2024-32668 Out-of-bounds Write vulnerability in Freebsd
An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root.
local
low complexity
freebsd CWE-787
8.2
2024-09-05 CVE-2024-42416 Improper Validation of Specified Quantity in Input vulnerability in Freebsd
The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.
local
low complexity
freebsd CWE-1284
8.8
2024-09-05 CVE-2024-43110 Out-of-bounds Read vulnerability in Freebsd
The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.
local
low complexity
freebsd CWE-125
8.8
2024-09-05 CVE-2024-45063 Use After Free vulnerability in Freebsd
The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.
local
low complexity
freebsd CWE-416
8.8
2024-09-05 CVE-2024-8178 Missing Initialization of Resource vulnerability in Freebsd
The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.
local
low complexity
freebsd CWE-909
8.8
2024-09-05 CVE-2024-45287 Integer Overflow or Wraparound vulnerability in Freebsd
A malicious value of size in a structure of packed libnv can cause an integer overflow, leading to the allocation of a smaller buffer than required for the parsed data.
network
low complexity
freebsd CWE-190
7.5
2024-08-12 CVE-2024-6760 Unspecified vulnerability in Freebsd
A logic bug in the code which disables kernel tracing for setuid programs meant that tracing was not disabled when it should have, allowing unprivileged users to trace and inspect the behavior of setuid programs. The bug may be used by an unprivileged user to read the contents of files to which they would not otherwise have access, such as the local password database.
network
low complexity
freebsd
7.5
2024-08-12 CVE-2024-7589 Race Condition vulnerability in Freebsd
A signal handler in sshd(8) may call a logging function that is not async-signal-safe.
network
high complexity
freebsd CWE-362
8.1
2024-07-01 CVE-2024-6387 Race Condition vulnerability in multiple products
A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd).
8.1
2024-02-15 CVE-2022-23084 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Freebsd
The total size of the user-provided nmreq to nmreq_copyin() was first computed and then trusted during the copyin.
local
high complexity
freebsd CWE-367
7.5