QwikSec

Security Database

CVE

CWE

Training

CVE-2024-41928

Published: Sep 5, 2024

Modified: Sep 20, 2024

PUBLISHED

Description

Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.

Vendor	Product	Versions
FreeBSD	FreeBSD	affected `14.1-RELEASE - < p4` affected `14.0-RELEASE - < p10`

Weaknesses (CWE)

References

https://security.freebsd.org/advisories/FreeBSD-SA-24:10.bhyve.asc

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.