Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Multiple issues in ctl(4) CAM Target Layer
Vulnerability Description
The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.
CVSS Information
N/A
Vulnerability Type
对未经初始化资源的使用
Vulnerability Title
FreeBSD 安全漏洞
Vulnerability Description
FreeBSD是FreeBSD基金会的一套类Unix操作系统。 FreeBSD 存在安全漏洞,该漏洞源于 ctl_write_buffer 和 ctl_read_buffer 函数分配内存以返回到用户空间,而不对其进行初始化。
CVSS Information
N/A
Vulnerability Type
N/A