25/9/2020
4/8/2024
CVE-2020-24718
First published: Fri Sep 25 2020(Updated: )
bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|
FreeBSD FreeBSD | <=11.2 | |
FreeBSD FreeBSD | =11.3 | |
FreeBSD FreeBSD | =11.3-p1 | |
FreeBSD FreeBSD | =11.3-p10 | |
FreeBSD FreeBSD | =11.3-p11 | |
FreeBSD FreeBSD | =11.3-p12 | |
FreeBSD FreeBSD | =11.3-p13 | |
FreeBSD FreeBSD | =11.3-p2 | |
FreeBSD FreeBSD | =11.3-p3 | |
FreeBSD FreeBSD | =11.3-p4 | |
FreeBSD FreeBSD | =11.3-p5 | |
FreeBSD FreeBSD | =11.3-p6 | |
FreeBSD FreeBSD | =11.3-p7 | |
FreeBSD FreeBSD | =11.3-p8 | |
FreeBSD FreeBSD | =11.3-p9 | |
FreeBSD FreeBSD | =11.3-rc3 | |
FreeBSD FreeBSD | =11.4 | |
FreeBSD FreeBSD | =11.4-beta1 | |
FreeBSD FreeBSD | =11.4-p1 | |
FreeBSD FreeBSD | =11.4-p2 | |
FreeBSD FreeBSD | =11.4-p3 | |
FreeBSD FreeBSD | =11.4-rc1 | |
FreeBSD FreeBSD | =11.4-rc2 | |
FreeBSD FreeBSD | =12.0 | |
FreeBSD FreeBSD | =12.0-p1 | |
FreeBSD FreeBSD | =12.0-p10 | |
FreeBSD FreeBSD | =12.0-p11 | |
FreeBSD FreeBSD | =12.0-p12 | |
FreeBSD FreeBSD | =12.0-p2 | |
FreeBSD FreeBSD | =12.0-p3 | |
FreeBSD FreeBSD | =12.0-p4 | |
FreeBSD FreeBSD | =12.0-p5 | |
FreeBSD FreeBSD | =12.0-p6 | |
FreeBSD FreeBSD | =12.0-p7 | |
FreeBSD FreeBSD | =12.0-p8 | |
FreeBSD FreeBSD | =12.0-p9 | |
FreeBSD FreeBSD | =12.1 | |
FreeBSD FreeBSD | =12.1-p1 | |
FreeBSD FreeBSD | =12.1-p2 | |
FreeBSD FreeBSD | =12.1-p3 | |
FreeBSD FreeBSD | =12.1-p4 | |
FreeBSD FreeBSD | =12.1-p5 | |
FreeBSD FreeBSD | =12.1-p6 | |
FreeBSD FreeBSD | =12.1-p7 | |
FreeBSD FreeBSD | =12.1-p8 | |
FreeBSD FreeBSD | =12.1-p9 | |
Omniosce Omnios | <=r151034 | |
Openindiana Openindiana | <=hipster_2020.04 | |
NetApp Clustered Data ONTAP | | |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is CVE-2020-24718?
CVE-2020-24718 is a vulnerability in bhyve, as used in FreeBSD through 12.1 and illumos, that allows a root user in a container on an Intel system to gain privileges by modifying VMCS_HO.
How does CVE-2020-24718 impact FreeBSD and illumos?
CVE-2020-24718 impacts FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04).
What is the severity of CVE-2020-24718?
CVE-2020-24718 has a severity rating of 8.2 (high).
How can an attacker exploit CVE-2020-24718?
An attacker can exploit CVE-2020-24718 by being a root user in a container on an Intel system and modifying VMCS_HO to gain privileges.
Where can I find more information about CVE-2020-24718?
You can find more information about CVE-2020-24718 in the references provided: [GitHub](https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249), [FreeBSD Security Advisory](https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc), and [NetApp Security Advisory](https://security.netapp.com/advisory/ntap-20201016-0002/).
- collector/nvd-index
- agent/references
- agent/severity
- agent/weakness
- agent/author
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/freebsd
- canonical/freebsd freebsd
- version/freebsd freebsd/11.2
- version/freebsd freebsd/11.3
- version/freebsd freebsd/11.3-p1
- version/freebsd freebsd/11.3-p10
- version/freebsd freebsd/11.3-p11
- version/freebsd freebsd/11.3-p12
- version/freebsd freebsd/11.3-p13
- version/freebsd freebsd/11.3-p2
- version/freebsd freebsd/11.3-p3
- version/freebsd freebsd/11.3-p4
- version/freebsd freebsd/11.3-p5
- version/freebsd freebsd/11.3-p6
- version/freebsd freebsd/11.3-p7
- version/freebsd freebsd/11.3-p8
- version/freebsd freebsd/11.3-p9
- version/freebsd freebsd/11.3-rc3
- version/freebsd freebsd/11.4
- version/freebsd freebsd/11.4-beta1
- version/freebsd freebsd/11.4-p1
- version/freebsd freebsd/11.4-p2
- version/freebsd freebsd/11.4-p3
- version/freebsd freebsd/11.4-rc1
- version/freebsd freebsd/11.4-rc2
- version/freebsd freebsd/12.0
- version/freebsd freebsd/12.0-p1
- version/freebsd freebsd/12.0-p10
- version/freebsd freebsd/12.0-p11
- version/freebsd freebsd/12.0-p12
- version/freebsd freebsd/12.0-p2
- version/freebsd freebsd/12.0-p3
- version/freebsd freebsd/12.0-p4
- version/freebsd freebsd/12.0-p5
- version/freebsd freebsd/12.0-p6
- version/freebsd freebsd/12.0-p7
- version/freebsd freebsd/12.0-p8
- version/freebsd freebsd/12.0-p9
- version/freebsd freebsd/12.1
- version/freebsd freebsd/12.1-p1
- version/freebsd freebsd/12.1-p2
- version/freebsd freebsd/12.1-p3
- version/freebsd freebsd/12.1-p4
- version/freebsd freebsd/12.1-p5
- version/freebsd freebsd/12.1-p6
- version/freebsd freebsd/12.1-p7
- version/freebsd freebsd/12.1-p8
- version/freebsd freebsd/12.1-p9
- vendor/omniosce
- canonical/omniosce omnios
- version/omniosce omnios/r151034
- vendor/openindiana
- canonical/openindiana openindiana
- version/openindiana openindiana/hipster_2020.04
- vendor/netapp
- canonical/netapp clustered data ontap
Contact
SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.coBy using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203