Back to search
CVE-2020-10565
Published: Mar 14, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
grub2-bhyve, as used in FreeBSD bhyve before revision 525916 2020-02-12, does not validate the address provided as part of a memrw command (read_* or write_*) by a guest through a grub2.cfg file. This allows an untrusted guest to perform arbitrary read or write operations in the context of the grub-bhyve process, resulting in code execution as root on the host OS.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://svnweb.freebsd.org/ports?view=revision&revision=525916
x_refsource_MISC
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now