Lucene search
Alisa Esage of Zero Day Engineering (zerodayengineering.com)ZDI-22-949HistoryJul 06, 2022 - 12:00 a.m.
(0Day) xhyve e1000 Stack-based Buffer Overflow Local Privilege Escalation Vulnerability
2022-07-0600:00:00
Alisa Esage of Zero Day Engineering (zerodayengineering.com)
www.zerodayinitiative.com
18
0.001 Low
EPSS
Percentile
38.9%
This vulnerability allows local attackers to escalate privileges on affected installations of xhyve. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the e1000 virtual device. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a stack-based buffer. An attacker can leverage this vulnerability to escalate privileges and execute arbitrary code in the context of the hypervisor.
Related
osv
osv
CVE-2022-35867
2022-08-03 16:15:08
cvelist
cvelist
CVE-2022-35867
2022-08-03 15:22:14
CVE-2019-5609
2019-08-29 21:54:42
prion
prion
Stack overflow
2022-08-03 16:15:00
Stack overflow
2019-08-30 09:15:00
nvd
nvd
CVE-2022-35867
2022-08-03 16:15:08
CVE-2019-5609
2019-08-30 09:15:20
cve
cve
CVE-2022-35867
2022-08-03 16:15:08
CVE-2019-5609
2019-08-30 09:15:20
nessus
nessus
freebsd
freebsd
FreeBSD -- Insufficient validation of guest-supplied data (e1000 device)
2019-08-06 00:00:00
debiancve
debiancve
CVE-2019-5609
2019-08-30 09:15:20
freebsd_advisory
freebsd_advisory
FreeBSD-SA-19:21.bhyve
2019-08-06 00:00:00