Allele Security Alert
ASA-2019-00471
Identifier(s)
ASA-2019-00471, CVE-2019-5604, FreeBSD-SA-19:16.bhyve
Title
Bhyve out-of-bounds read in XHCI device
Vendor(s)
The FreeBSD Project
Product(s)
FreeBSD Bhyve
Affected version(s)
All supported versions of FreeBSD
Fixed version(s)
2019-07-23 17:48:37 UTC (stable/12, 12.0-STABLE)
2019-07-24 12:56:06 UTC (releng/12.0, 12.0-RELEASE-p8)
2019-07-23 17:48:37 UTC (stable/11, 11.2-STABLE)
2019-07-24 12:56:06 UTC (releng/11.2, 11.2-RELEASE-p12)
2019-07-24 12:56:06 UTC (releng/11.3, 11.3-RELEASE-p1)
Proof of concept
Unknown
Description
The pci_xhci_device_doorbell() function does not validate the ‘epid’ and ‘streamid’ provided by the guest, leading to an out-of-bounds read.
A misbehaving bhyve guest could crash the system or access memory that it should not be able to access.
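As an added illustration (not bhyve source, and not taken from the advisory or its patch), the C sketch below shows the kind of validation the description says was missing: range-checking the guest-supplied 'epid' and 'streamid' before either is used as an array index. The structures, the `MAX_STREAMS` limit and all function names are hypothetical; only the field positions follow the xHCI doorbell register layout.

```c
#include <stdint.h>
#include <stdio.h>

/* xHCI doorbell register: DB Target in bits 7:0, DB Stream ID in bits 31:16. */
#define DB_TARGET(v)   ((uint32_t)(v) & 0xffu)
#define DB_STREAMID(v) (((uint32_t)(v) >> 16) & 0xffffu)
#define MAX_ENDPOINTS  32  /* device context: slot entry + endpoints 1..31 */
#define MAX_STREAMS    4   /* assumed per-endpoint stream limit in this model */
/* Hypothetical per-device state for illustration; not bhyve's structures. */
struct model_ep {
    int      configured;             /* endpoint was set up by the guest */
    uint32_t nstreams;               /* 0 = endpoint does not use streams */
    uint64_t ring[MAX_STREAMS + 1];  /* ring address, indexed by stream ID */
};
struct model_dev { struct model_ep eps[MAX_ENDPOINTS]; };
enum db_status { DB_OK, DB_BAD_EPID, DB_EP_DISABLED, DB_BAD_STREAMID };

/* Resolve the ring a doorbell write selects; every guest index is checked. */
enum db_status
doorbell_lookup(const struct model_dev *dev, uint32_t value, uint64_t *ring_out)
{
    uint32_t epid = DB_TARGET(value);
    uint32_t streamid = DB_STREAMID(value);

    /* The 8-bit field holds 0..255, but only 1..31 index eps[]. */
    if (epid == 0 || epid >= MAX_ENDPOINTS)
        return DB_BAD_EPID;
    const struct model_ep *ep = &dev->eps[epid];
    if (!ep->configured)
        return DB_EP_DISABLED;
    /* The 16-bit field holds 0..65535; allow 0 only without streams,
     * otherwise 1..nstreams, and never past the end of ring[]. */
    if (streamid > MAX_STREAMS || streamid > ep->nstreams ||
        (ep->nstreams != 0 && streamid == 0))
        return DB_BAD_STREAMID;
    *ring_out = ep->ring[streamid];
    return DB_OK;
}

int main(void)
{
    /* Constructed sample: endpoint 3 configured with two streams. */
    struct model_dev dev = { .eps[3] = { .configured = 1, .nstreams = 2 } };
    uint64_t ring = 0;
    int ok = doorbell_lookup(&dev, (2u << 16) | 3u, &ring);     /* in range */
    int bad = doorbell_lookup(&dev, (9u << 16) | 200u, &ring);  /* out of range */
    printf("in-range=%d out-of-range=%d\n", ok, bad);
    return 0;
}
```

Without the two range checks, the same lookup would index `eps[]` and `ring[]` with values the guest fully controls.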
Technical details
Unknown
Credits
Reno Robert
Reference(s)
FreeBSD-SA-19:16.bhyve
https://www.freebsd.org/security/advisories/FreeBSD-SA-19:16.bhyve.asc
bhyve.patch
https://security.FreeBSD.org/patches/SA-19:16/bhyve.patch
Add appropriate bounds checks on the epid and streamid fields in the
device doorbell registers.
https://svnweb.freebsd.org/base?view=revision&revision=r350246
Fix bhyve out-of-bounds read in XHCI device.
https://svnweb.freebsd.org/base?view=revision&revision=r350285
Add appropriate bounds checks on the epid and streamid fields in the
device doorbell registers.
https://svnweb.freebsd.org/base?view=revision&revision=r350247
CVE-2019-5604
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-5604
CVE-2019-5604
https://nvd.nist.gov/vuln/detail/CVE-2019-5604
If there is any error in this alert, or if you would like a comprehensive analysis, let us know.
Last modified: August 1, 2019