First published: Fri Sep 25 2020(Updated: )
bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
FreeBSD FreeBSD | <=11.2 | |
FreeBSD FreeBSD | =11.3 | |
FreeBSD FreeBSD | =11.3-p1 | |
FreeBSD FreeBSD | =11.3-p10 | |
FreeBSD FreeBSD | =11.3-p11 | |
FreeBSD FreeBSD | =11.3-p12 | |
FreeBSD FreeBSD | =11.3-p13 | |
FreeBSD FreeBSD | =11.3-p2 | |
FreeBSD FreeBSD | =11.3-p3 | |
FreeBSD FreeBSD | =11.3-p4 | |
FreeBSD FreeBSD | =11.3-p5 | |
FreeBSD FreeBSD | =11.3-p6 | |
FreeBSD FreeBSD | =11.3-p7 | |
FreeBSD FreeBSD | =11.3-p8 | |
FreeBSD FreeBSD | =11.3-p9 | |
FreeBSD FreeBSD | =11.3-rc3 | |
FreeBSD FreeBSD | =11.4 | |
FreeBSD FreeBSD | =11.4-beta1 | |
FreeBSD FreeBSD | =11.4-p1 | |
FreeBSD FreeBSD | =11.4-p2 | |
FreeBSD FreeBSD | =11.4-p3 | |
FreeBSD FreeBSD | =11.4-rc1 | |
FreeBSD FreeBSD | =11.4-rc2 | |
FreeBSD FreeBSD | =12.0 | |
FreeBSD FreeBSD | =12.0-p1 | |
FreeBSD FreeBSD | =12.0-p10 | |
FreeBSD FreeBSD | =12.0-p11 | |
FreeBSD FreeBSD | =12.0-p12 | |
FreeBSD FreeBSD | =12.0-p2 | |
FreeBSD FreeBSD | =12.0-p3 | |
FreeBSD FreeBSD | =12.0-p4 | |
FreeBSD FreeBSD | =12.0-p5 | |
FreeBSD FreeBSD | =12.0-p6 | |
FreeBSD FreeBSD | =12.0-p7 | |
FreeBSD FreeBSD | =12.0-p8 | |
FreeBSD FreeBSD | =12.0-p9 | |
FreeBSD FreeBSD | =12.1 | |
FreeBSD FreeBSD | =12.1-p1 | |
FreeBSD FreeBSD | =12.1-p2 | |
FreeBSD FreeBSD | =12.1-p3 | |
FreeBSD FreeBSD | =12.1-p4 | |
FreeBSD FreeBSD | =12.1-p5 | |
FreeBSD FreeBSD | =12.1-p6 | |
FreeBSD FreeBSD | =12.1-p7 | |
FreeBSD FreeBSD | =12.1-p8 | |
FreeBSD FreeBSD | =12.1-p9 | |
Omniosce Omnios | <=r151034 | |
Openindiana Openindiana | <=hipster_2020.04 | |
NetApp Clustered Data ONTAP |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-24718 is a vulnerability in bhyve, as used in FreeBSD through 12.1 and illumos, that allows a root user in a container on an Intel system to gain privileges by modifying VMCS_HO.
CVE-2020-24718 impacts FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04).
CVE-2020-24718 has a severity rating of 8.2 (high).
An attacker can exploit CVE-2020-24718 by being a root user in a container on an Intel system and modifying VMCS_HO to gain privileges.
You can find more information about CVE-2020-24718 in the references provided: [GitHub](https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249), [FreeBSD Security Advisory](https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc), and [NetApp Security Advisory](https://security.netapp.com/advisory/ntap-20201016-0002/).