The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing.
Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.
Metrics
Affected Vendors & Products
References
History
Fri, 06 Sep 2024 17:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
ssvc
|
Thu, 05 Sep 2024 21:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Freebsd
Freebsd freebsd |
|
CPEs | cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:-:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.3:p5:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:13.4:beta3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:p9:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.1:-:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:* cpe:2.3:o:freebsd:freebsd:14.1:p3:*:*:*:*:*:* |
|
Vendors & Products |
Freebsd
Freebsd freebsd |
|
Metrics |
cvssV3_1
|
Thu, 05 Sep 2024 04:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host. | |
Title | Multiple issues in ctl(4) CAM Target Layer | |
Weaknesses | CWE-416 | |
References |
|
MITRE
Status: PUBLISHED
Assigner: freebsd
Published: 2024-09-05T04:31:22.649Z
Updated: 2024-09-06T16:18:12.181Z
Reserved: 2024-08-27T16:30:56.002Z
Link: CVE-2024-45063
Vulnrichment
Updated: 2024-09-05T13:05:30.474Z
NVD
Status : Modified
Published: 2024-09-05T05:15:13.830
Modified: 2024-09-06T17:35:18.370
Link: CVE-2024-45063
Redhat
No data.