FreeBSDEDF064FB-B30B-11E9-A87F-A4BADB2F4699FreeBSD -- Bhyve out-of-bounds read in XHCI device
8.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:N/A:C
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
0.003 Low
EPSS
Percentile
68.3%
Problem Description:
The pci_xhci_device_doorbell() function does not validate
the ‘epid’ and ‘streamid’ provided by the guest, leading
to an out-of-bounds read.
Impact:
A misbehaving bhyve guest could crash the system or
access memory that it should not be able to.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| FreeBSD | any | noarch | freebsd-kernel | = 12.0 | UNKNOWN |
| FreeBSD | any | noarch | freebsd-kernel | < 12.0_8 | UNKNOWN |
Related
8.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:N/A:C
9.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:H
0.003 Low
EPSS
Percentile
68.3%