FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Insufficient bounds checking in bhyve(8) device model

Affected packages
11.2 <= FreeBSD < 11.2_6

Details

VuXML ID 32498c8f-fc84-11e8-be12-a4badb2f4699
Discovery 2018-12-04
Entry 2018-12-10

Problem Description:

Insufficient bounds checking in one of the device models provided by bhyve(8) can permit a guest operating system to overwrite memory in the bhyve(8) process, possibly permitting arbitrary code execution.

Impact:

A guest OS using a firmware image can cause the bhyve process to crash, or possibly execute arbitrary code on the host as root.

References

CVE Name CVE-2018-1716
FreeBSD Advisory SA-18:14.bhyve