
Description

The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

PUBLISHED Reserved 2024-08-26 | Published 2024-09-05 | Updated 2025-11-04 | Assigner freebsd

Problem types

CWE-908 Use of Uninitialized Resource

CWE-909 Missing Initialization of Resource

Product status

Default status: unknown

14.1-RELEASE (release) before p4: affected

14.0-RELEASE (release) before p10: affected

13.3-RELEASE (release) before p6: affected

Credits

Synacktiv (finder)

The FreeBSD Foundation (sponsor)

The Alpha-Omega Project (sponsor)

References

security.netapp.com/advisory/ntap-20240920-0010/

security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc (vendor-advisory)

cve.org (CVE-2024-8178)

nvd.nist.gov (CVE-2024-8178)
