CVE-2024-25940


Published: Feb 15, 2024

Modified: Feb 13, 2025

Status: PUBLISHED

Description

`bhyveload -h <host-path>` may be used to grant the loader access to the `<host-path>` directory tree on the host. Affected versions of bhyveload(8) make no attempt to restrict the loader's access to `<host-path>`, so the loader can read any file the host user can access. In the bhyveload(8) model, the host supplies the userboot.so used to boot, but the loader scripts generally come from the guest image. A maliciously crafted loader script could therefore be used to exfiltrate sensitive data from the host that is accessible to the user running bhyveload(8), which is often the system root.

Vendor: FreeBSD

Product: FreeBSD

Affected versions:
- 14.0-RELEASE, up to but not including p5 (affected)
- 13.2-RELEASE, up to but not including p10 (affected)
