FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-02-07 16:55:44 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
eb5c615d-a173-11ef-9a62-002590c1f29c	FreeBSD -- Multiple issues in the bhyve hypervisor Problem Description: Several vulnerabilities were found in the bhyve hypervisor's device models. The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over- read from a guest-controlled value. (CVE-2024-51562) The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition. (CVE-2024-51563) A guest can trigger an infinite loop in the hda audio driver. (CVE-2024-51564) The hda driver is vulnerable to a buffer over-read from a guest-controlled value. (CVE-2024-51565) The NVMe driver queue processing is vulernable to guest-induced infinite loops. (CVE-2024-51566) Impact: Malicious guest virtual machines may be able to perform a denial of service (DoS) of the bhyve host, and may read memory within the bhyve process that they should not be able to access. Discovery 2024-10-29 Entry 2024-11-13 FreeBSD >= 14.1 lt 14.1_6 >= 13.4 lt 13.4_2 >= 13.3 lt 13.3_8 CVE-2024-51562 CVE-2024-51563 CVE-2024-51564 CVE-2024-51565 CVE-2024-51566 SA-24:17.bhyve

VuXML ID

Description

eb5c615d-a173-11ef-9a62-002590c1f29c

FreeBSD -- Multiple issues in the bhyve hypervisor

Problem Description:

Several vulnerabilities were found in the bhyve hypervisor's device models.

The NVMe driver function nvme_opc_get_log_page is vulnerable to a buffer over- read from a guest-controlled value. (CVE-2024-51562)

The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition. (CVE-2024-51563)

A guest can trigger an infinite loop in the hda audio driver. (CVE-2024-51564)

The hda driver is vulnerable to a buffer over-read from a guest-controlled value. (CVE-2024-51565)

The NVMe driver queue processing is vulernable to guest-induced infinite loops. (CVE-2024-51566)

Impact:

Malicious guest virtual machines may be able to perform a denial of service (DoS) of the bhyve host, and may read memory within the bhyve process that they should not be able to access.

Discovery 2024-10-29
Entry 2024-11-13
FreeBSD

>= 14.1 lt 14.1_6

>= 13.4 lt 13.4_2

>= 13.3 lt 13.3_8

CVE-2024-51562
CVE-2024-51563
CVE-2024-51564
CVE-2024-51565
CVE-2024-51566
SA-24:17.bhyve