Allele Security Alert
ASA-2018-00065
Identifier(s)
ASA-2018-00065, FreeBSD-SA-18:14.bhyve, CVE-2018-17160
Title
Insufficient bounds checking in bhyve(8) device model
Vendor(s)
The bhyve development team
Product(s)
bhyve
Affected version(s)
All supported versions of FreeBSD.
Fixed version(s)
stable/11, 11.2-STABLE
releng/11.2, 11.2-RELEASE-p6
Proof of concept
Unknown
Description
Insufficient bounds checking in one of the device models provided by bhyve(8) can permit a guest operating system to overwrite memory in the bhyve(8) process, possibly permitting arbitrary code execution.
Technical details
bhyve doesn’t treat firmware request and response sizes as unsigned.
There is an incomplete bounds check on the guest-supplied request size where a very large request size could be interpreted as a negative value and not be caught by the bounds check.
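The class of flaw described above, shown as an added example (this is not bhyve's code and is not taken from the FreeBSD patch): a 32-bit guest-supplied size checked through a signed integer, beside the same check kept unsigned. The buffer size, function names and sample sizes are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REQ_BUF_SIZE 4096u   /* hypothetical host-side request buffer size */

/* Weak check: the guest-supplied 32-bit size is held in a signed int, so a
 * value of 0x80000000 or more turns negative and passes the upper bound.
 * (The conversion is implementation-defined; it wraps on common compilers.) */
static int size_ok_signed(uint32_t guest_size)
{
    int32_t len = (int32_t)guest_size;
    return len <= (int32_t)REQ_BUF_SIZE;   /* no lower bound: incomplete */
}

/* Corrected check: the size stays unsigned from the guest to the compare. */
static int size_ok_unsigned(uint32_t guest_size)
{
    return guest_size <= REQ_BUF_SIZE;
}

/* Length a later memcpy() would receive if the signed value were passed on. */
static size_t copy_len_after_signed_check(uint32_t guest_size)
{
    int32_t len = (int32_t)guest_size;
    return (size_t)len;   /* a negative value becomes a very large size_t */
}

/* Hardened handler: validate first, then copy. Returns bytes copied or -1. */
static long handle_request(uint8_t *dst, const uint8_t *src, uint32_t guest_size)
{
    if (!size_ok_unsigned(guest_size))
        return -1;
    memcpy(dst, src, guest_size);
    return (long)guest_size;
}

int main(void)
{
    static uint8_t dst[REQ_BUF_SIZE], src[REQ_BUF_SIZE];
    /* Constructed sample sizes, not values from the advisory. */
    uint32_t sizes[] = { 16u, 4096u, 4097u, 0x80000000u, 0xFFFFFFF0u };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++)
        printf("size=0x%08x signed_check=%d unsigned_check=%d handled=%ld\n",
               (unsigned)sizes[i], size_ok_signed(sizes[i]),
               size_ok_unsigned(sizes[i]), handle_request(dst, src, sizes[i]));
    return 0;
}
```

The signed check accepts the two largest sample sizes while the unsigned check rejects them, which is the gap the advisory describes.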
Credits
Reno Robert
Reference(s)
FreeBSD Security Advisory FreeBSD-SA-18:14.bhyve
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:14.bhyve.asc
FreeBSD Security Advisory FreeBSD-SA-18:14.bhyve
https://seclists.org/bugtraq/2018/Dec/5
[base] Revision 341486
https://svnweb.freebsd.org/base?view=revision&revision=r341486
CVE-2018-17160
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-17160
CVE-2018-17160
https://nvd.nist.gov/vuln/detail/CVE-2018-17160
If there is any error in this alert or you wish a comprehensive analysis, let us know.
Last modified: February 1, 2019