Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
bhyve(8) privileged guest escape via USB controller
Vulnerability Description
An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.
CVSS Information
N/A
Vulnerability Type
Off-by-one错误
Vulnerability Title
FreeBSD 缓冲区错误漏洞
Vulnerability Description
FreeBSD是FreeBSD基金会的一套类Unix操作系统。 FreeBSD 存在缓冲区错误漏洞,该漏洞源于 USB 代码中的边界验证不足可能会导致越界写入。
CVSS Information
N/A
Vulnerability Type
N/A