FreeBSD2C5B9CD7-F7E6-11EA-88F8-901B0EF719ABFreeBSD -- bhyve privilege escalation via VMCS access
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
39.4%
Problem Description:
AMD and Intel CPUs support hardware virtualization using specialized data
structures that control various aspects of guest operation. These are the
Virtual Machine Control Structure (VMCS) on Intel CPUs, and the Virtual
Machine Control Block (VMCB) on AMD CPUs. Insufficient access controls allow
root users, including those running in a jail, to change these data
structures.
Impact:
An attacker with host root access (including to a jailed bhyve instance) can
use this vulnerability to achieve kernel code execution.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | freebsd-kernel | = 12.1 | UNKNOWN |
| FreeBSD | any | noarch | freebsd-kernel | < 12.1_10 | UNKNOWN |
Related
7.2 High
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
8.2 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
0.001 Low
EPSS
Percentile
39.4%