CVE-2018-17160

In FreeBSD before 11.2-STABLE(r341486) and 11.2-RELEASE-p6, insufficient bounds checking in one of the device models provided by bhyve can permit a guest operating system to overwrite memory in the bhyve host possibly permitting arbitrary code execution. A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.
References
Link Resource
https://security.freebsd.org/advisories/FreeBSD-SA-18:14.bhyve.asc Mitigation Patch Vendor Advisory
http://www.securityfocus.com/bid/106210 Third Party Advisory VDB Entry
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

OR cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*

Information

Published : 2018-12-04 13:29

Updated : 2020-08-24 10:37


NVD link : CVE-2018-17160

Mitre link : CVE-2018-17160


JSON object : View

CWE
CWE-787

Out-of-bounds Write

Advertisement

dedicated server usa

Products Affected

freebsd

  • freebsd