8.8

CVE-2024-43110

The ctl_request_sense function could expose up to three bytes of the kernel heap to userspace.

Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.  Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.  A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

Data is provided by the National Vulnerability Database (NVD)
FreebsdFreebsd Version >= 13.0 < 13.3
FreebsdFreebsd Version13.3 Update-
FreebsdFreebsd Version13.3 Updatep1
FreebsdFreebsd Version13.3 Updatep2
FreebsdFreebsd Version13.3 Updatep3
FreebsdFreebsd Version13.3 Updatep4
FreebsdFreebsd Version13.3 Updatep5
FreebsdFreebsd Version13.4 Updatebeta3
FreebsdFreebsd Version14.0 Update-
FreebsdFreebsd Version14.0 Updatebeta5
FreebsdFreebsd Version14.0 Updatep1
FreebsdFreebsd Version14.0 Updatep2
FreebsdFreebsd Version14.0 Updatep3
FreebsdFreebsd Version14.0 Updatep4
FreebsdFreebsd Version14.0 Updatep5
FreebsdFreebsd Version14.0 Updatep6
FreebsdFreebsd Version14.0 Updatep7
FreebsdFreebsd Version14.0 Updatep8
FreebsdFreebsd Version14.0 Updatep9
FreebsdFreebsd Version14.0 Updaterc3
FreebsdFreebsd Version14.0 Updaterc4-p1
FreebsdFreebsd Version14.1 Update-
FreebsdFreebsd Version14.1 Updatep1
FreebsdFreebsd Version14.1 Updatep2
FreebsdFreebsd Version14.1 Updatep3
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.16% 0.377
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 8.8 2 6
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.4 2.5 5.9
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.