FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Bhyve out-of-bounds read in XHCI device

Affected packages
12.0 <= FreeBSD-kernel < 12.0_8
11.2 <= FreeBSD-kernel < 11.2_12
11.3 <= FreeBSD-kernel < 11.3_1

Details

VuXML ID edf064fb-b30b-11e9-a87f-a4badb2f4699
Discovery 2019-07-24
Entry 2019-07-30

Problem Description:

The pci_xhci_device_doorbell() function does not validate the 'epid' and 'streamid' provided by the guest, leading to an out-of-bounds read.

Impact:

A misbehaving bhyve guest could crash the system or access memory that it should not be able to.

References

CVE Name CVE-2019-5604
FreeBSD Advisory SA-19:16.bhyve