Managing virtual machines is no longer secure for many administrators.
A critical vulnerability has been discovered in the FreeBSD operating system that allows remote code execution (RCE) through the bhyve hypervisor. The flaw, which received the identifier CVE-2024-41721, was disclosed on September 19, 2024. The discovery is attributed to researchers from the Synacktiv company.
The vulnerability is related to errors in XHCI emulation in the bhyve hypervisor, which is used to start virtual machines. The main cause is insufficient data boundary checking in the USB code, which leads to data being read outside the allowed area in memory.
Successful exploitation of the vulnerability could allow an attacker running on a guest system to crash the hypervisor process or execute malicious code at the host system level. Given that the bhyve process is usually run as root, the consequences can be quite serious.
Although bhyve operates in an isolated Capsicum sandbox, it does not completely eliminate the risk. Systems that use XHCI emulation are particularly vulnerable because there are no workarounds for them. The vulnerability affects all supported versions of FreeBSD, and its exploitation could lead to unauthorized access or full control of the system.
Updates for all current versions of FreeBSD were released on September 19. Administrators are encouraged to apply patches as soon as possible to avoid the unintended consequences of potential attacks. For systems with XHCI emulation, it is critical to restart guest operating systems after the patch has been applied.
Source
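To find the guests that need a restart after patching, the script below lists bhyve invocations that attach an emulated XHCI controller. It is an added example, not part of the original post or of FreeBSD. It assumes guests are started from shell scripts that call `bhyve` directly with a `-s slot,xhci,...` device; the function names and the sample script are hypothetical.

```sh
#!/bin/sh
# Added example (not from the post or from FreeBSD): inventory bhyve guests
# whose launch command attaches an emulated XHCI controller.
# Assumption: guests are started from shell scripts that call bhyve directly.

# xhci_guests (hypothetical name): read script text on stdin and print
# "vmname slot" for each bhyve invocation that has an xhci slot.
xhci_guests() {
    awk '
        # Join backslash-continued lines into one logical command line.
        /\\$/ { sub(/\\$/, " "); buf = buf $0; next }
        { line = buf $0; buf = "" }
        {
            if (line ~ /^[ \t]*#/) next          # skip commented-out commands
            sub(/[ \t]+$/, "", line)
            n = split(line, f, /[ \t]+/)
            start = 0
            for (i = 1; i <= n; i++)
                if (f[i] ~ /(^|\/)bhyve$/) { start = i; break }
            if (!start) next
            slot = ""
            for (i = start + 1; i <= n; i++) {
                spec = f[i]
                if (spec == "-s" && i < n) spec = f[++i]       # -s 30,xhci,tablet
                else if (spec ~ /^-s./) spec = substr(spec, 3) # -s30,xhci,tablet
                else continue
                m = split(spec, p, ",")
                if (m >= 2 && p[2] == "xhci") slot = p[1]
            }
            # Assumption: the VM name is the last word of the command line.
            if (slot != "") print f[n], slot
        }'
}

# Constructed sample launch script (VM names and paths are made up).
sample_scripts() {
    cat <<'EOF'
#!/bin/sh
# bhyve -s 9,xhci,tablet old-guest
bhyve -c 2 -m 4G -H \
  -s 0,hostbridge -s 3,ahci-hd,/vm/win10.img \
  -s 30,xhci,tablet -s 31,lpc -l com1,stdio win10
/usr/sbin/bhyve -c 1 -m 1G -s 0,hostbridge -s0:5,xhci,tablet -s 31,lpc build01
bhyve -c 1 -m 512M -s 0,hostbridge -s 2,virtio-blk,/vm/dns.img -s 31,lpc dns01
EOF
}

sample_scripts | xhci_guests
```

Feed your own launch scripts to `xhci_guests` on stdin; the guests it prints are the ones to restart once the patched bhyve is installed.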