6.3

CVE-2024-25940

`bhyveload -h <host-path>` may be used to grant loader access to the <host-path> directory tree on the host.  Affected versions of bhyveload(8) do not make any attempt to restrict loader's access to <host-path>, allowing the loader to read any file the host user has access to. In the bhyveload(8) model, the host supplies a userboot.so to boot with, but the loader scripts generally come from the guest image.  A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root.

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
This information is available to logged-in users.
Data is provided by the National Vulnerability Database (NVD)
FreebsdFreebsd Version < 13.2
FreebsdFreebsd Version >= 13.3 < 14.0
FreebsdFreebsd Version13.2 Updatep1
FreebsdFreebsd Version13.2 Updatep2
FreebsdFreebsd Version13.2 Updatep3
FreebsdFreebsd Version13.2 Updatep4
FreebsdFreebsd Version13.2 Updatep5
FreebsdFreebsd Version13.2 Updatep6
FreebsdFreebsd Version13.2 Updatep7
FreebsdFreebsd Version13.2 Updatep8
FreebsdFreebsd Version13.2 Updatep9
FreebsdFreebsd Version14.0 Updatebeta5
FreebsdFreebsd Version14.0 Updatep1
FreebsdFreebsd Version14.0 Updatep2
FreebsdFreebsd Version14.0 Updatep3
FreebsdFreebsd Version14.0 Updatep4
FreebsdFreebsd Version14.0 Updaterc3
FreebsdFreebsd Version14.0 Updaterc4-p1
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.23% 0.458
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
134c704f-9b21-4f2e-91b3-4a467353bcc0 6.3 2.8 3.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.