FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- Missing error handling in bhyve(8) device models

Affected packages
13.0 <= FreeBSD < 13.0_4
12.2 <= FreeBSD < 12.2_10
11.4 <= FreeBSD < 11.4_13

Details

VuXML ID a6d5d4c1-0564-11ec-b69d-4062311215d5
Discovery 2021-08-24
Entry 2021-08-25

Problem Description:

Certain VirtIO-based device models failed to handle errors when fetching I/O descriptors. Such errors could be triggered by a malicious guest. As a result, the device model code could be tricked into operating on uninitialized I/O vectors, leading to memory corruption.

Impact:

A malicious guest may be able to crash the bhyve process. It may be possible to exploit the memory corruption bugs to achieve arbitrary code execution in the bhyve process.

References

CVE Name CVE-2021-29631
FreeBSD Advisory SA-21:13.bhyve