8.2
CWE
862
Advisory Published
Updated

CVE-2020-24718

First published: Fri Sep 25 2020(Updated: )

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.

Credit: cve@mitre.org

Affected SoftwareAffected VersionHow to fix
FreeBSD FreeBSD<=11.2
FreeBSD FreeBSD=11.3
FreeBSD FreeBSD=11.3-p1
FreeBSD FreeBSD=11.3-p10
FreeBSD FreeBSD=11.3-p11
FreeBSD FreeBSD=11.3-p12
FreeBSD FreeBSD=11.3-p13
FreeBSD FreeBSD=11.3-p2
FreeBSD FreeBSD=11.3-p3
FreeBSD FreeBSD=11.3-p4
FreeBSD FreeBSD=11.3-p5
FreeBSD FreeBSD=11.3-p6
FreeBSD FreeBSD=11.3-p7
FreeBSD FreeBSD=11.3-p8
FreeBSD FreeBSD=11.3-p9
FreeBSD FreeBSD=11.3-rc3
FreeBSD FreeBSD=11.4
FreeBSD FreeBSD=11.4-beta1
FreeBSD FreeBSD=11.4-p1
FreeBSD FreeBSD=11.4-p2
FreeBSD FreeBSD=11.4-p3
FreeBSD FreeBSD=11.4-rc1
FreeBSD FreeBSD=11.4-rc2
FreeBSD FreeBSD=12.0
FreeBSD FreeBSD=12.0-p1
FreeBSD FreeBSD=12.0-p10
FreeBSD FreeBSD=12.0-p11
FreeBSD FreeBSD=12.0-p12
FreeBSD FreeBSD=12.0-p2
FreeBSD FreeBSD=12.0-p3
FreeBSD FreeBSD=12.0-p4
FreeBSD FreeBSD=12.0-p5
FreeBSD FreeBSD=12.0-p6
FreeBSD FreeBSD=12.0-p7
FreeBSD FreeBSD=12.0-p8
FreeBSD FreeBSD=12.0-p9
FreeBSD FreeBSD=12.1
FreeBSD FreeBSD=12.1-p1
FreeBSD FreeBSD=12.1-p2
FreeBSD FreeBSD=12.1-p3
FreeBSD FreeBSD=12.1-p4
FreeBSD FreeBSD=12.1-p5
FreeBSD FreeBSD=12.1-p6
FreeBSD FreeBSD=12.1-p7
FreeBSD FreeBSD=12.1-p8
FreeBSD FreeBSD=12.1-p9
Omniosce Omnios<=r151034
Openindiana Openindiana<=hipster_2020.04
NetApp Clustered Data ONTAP

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Frequently Asked Questions

  • What is CVE-2020-24718?

    CVE-2020-24718 is a vulnerability in bhyve, as used in FreeBSD through 12.1 and illumos, that allows a root user in a container on an Intel system to gain privileges by modifying VMCS_HO.

  • How does CVE-2020-24718 impact FreeBSD and illumos?

    CVE-2020-24718 impacts FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04).

  • What is the severity of CVE-2020-24718?

    CVE-2020-24718 has a severity rating of 8.2 (high).

  • How can an attacker exploit CVE-2020-24718?

    An attacker can exploit CVE-2020-24718 by being a root user in a container on an Intel system and modifying VMCS_HO to gain privileges.

  • Where can I find more information about CVE-2020-24718?

    You can find more information about CVE-2020-24718 in the references provided: [GitHub](https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249), [FreeBSD Security Advisory](https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc), and [NetApp Security Advisory](https://security.netapp.com/advisory/ntap-20201016-0002/).

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203