First published: Mon Aug 30 2021
In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process.
Credit: secteam@freebsd.org
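The failure mode described above, as an added illustration that is not bhyve's own code: a simplified virtqueue model in which the descriptor-chain walker reports every malformed chain (bad descriptor index, guest buffer outside guest RAM, looping or over-long chain) through its return value, and the device-model handler checks that value before reading the iovec array. The names (vq_model, vq_getchain, dev_handle_request, guest2host), the 4 KiB guest memory window and the three constructed descriptor chains are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <sys/uio.h>

/* Hypothetical, simplified virtqueue model (not bhyve's code): a guest RAM
 * window, a guest-controlled descriptor table, and a chain walker that
 * reports every failure instead of leaving iov[] partially filled. */

#define GUEST_MEM_SIZE 4096u
#define VQ_SIZE 8
#define VRING_DESC_F_NEXT 1

struct vring_desc {       /* layout of a virtio ring descriptor */
    uint64_t addr;        /* guest-physical address of the buffer */
    uint32_t len;
    uint16_t flags;
    uint16_t next;        /* index of the next descriptor when F_NEXT is set */
};

struct vq_model {
    uint8_t mem[GUEST_MEM_SIZE];       /* constructed guest RAM */
    struct vring_desc desc[VQ_SIZE];   /* descriptor table the guest writes */
};

/* Translate a guest buffer to a host pointer; NULL if any byte lies outside RAM. */
static void *guest2host(struct vq_model *vq, uint64_t gpa, uint32_t len)
{
    if (gpa >= GUEST_MEM_SIZE || len > GUEST_MEM_SIZE - gpa)
        return NULL;
    return vq->mem + gpa;
}

/* Walk the chain starting at 'head' into iov[0..niov).
 * Returns the number of iovecs filled (> 0), or -1 for any malformed chain:
 * index out of range, unmappable buffer, more descriptors than the ring holds
 * (a loop), or more than niov. On -1 the contents of iov[] are undefined. */
int vq_getchain(struct vq_model *vq, uint16_t head, struct iovec *iov, int niov)
{
    int n = 0;
    uint16_t idx = head;
    for (;;) {
        if (idx >= VQ_SIZE || n >= niov || n >= VQ_SIZE)
            return -1;
        const struct vring_desc *d = &vq->desc[idx];
        void *p = guest2host(vq, d->addr, d->len);
        if (p == NULL)
            return -1;
        iov[n].iov_base = p;
        iov[n].iov_len = d->len;
        n++;
        if (!(d->flags & VRING_DESC_F_NEXT))
            return n;
        idx = d->next;
    }
}

/* Device-model request handler. The early return on n <= 0 is the check whose
 * absence lets a device model operate on uninitialized iovecs; with it, iov[]
 * is only read after the fetch succeeded. Returns bytes processed or -1. */
long dev_handle_request(struct vq_model *vq, uint16_t head)
{
    struct iovec iov[VQ_SIZE];
    int n = vq_getchain(vq, head, iov, VQ_SIZE);
    if (n <= 0)
        return -1;
    long total = 0;
    for (int i = 0; i < n; i++) {
        memset(iov[i].iov_base, 0, iov[i].iov_len); /* stand-in for device I/O */
        total += (long)iov[i].iov_len;
    }
    return total;
}

/* Constructed chains: a valid two-descriptor chain, a buffer that runs past
 * the end of guest RAM, and a chain that loops back on itself. */
static struct vq_model vq;

long case_valid(void)
{
    memset(&vq, 0, sizeof vq);
    vq.desc[0] = (struct vring_desc){ .addr = 0x100, .len = 64, .flags = VRING_DESC_F_NEXT, .next = 3 };
    vq.desc[3] = (struct vring_desc){ .addr = 0x200, .len = 128, .flags = 0, .next = 0 };
    return dev_handle_request(&vq, 0);   /* 64 + 128 = 192 */
}

long case_out_of_bounds(void)
{
    memset(&vq, 0, sizeof vq);
    vq.desc[0] = (struct vring_desc){ .addr = 0xF00, .len = 0x200, .flags = 0, .next = 0 };
    return dev_handle_request(&vq, 0);   /* rejected: -1 */
}

long case_loop(void)
{
    memset(&vq, 0, sizeof vq);
    vq.desc[0] = (struct vring_desc){ .addr = 0x100, .len = 16, .flags = VRING_DESC_F_NEXT, .next = 1 };
    vq.desc[1] = (struct vring_desc){ .addr = 0x100, .len = 16, .flags = VRING_DESC_F_NEXT, .next = 0 };
    return dev_handle_request(&vq, 0);   /* rejected: -1 */
}
```

The design point is that the walker has one error path and the caller treats any non-positive count as "do not touch iov[]"; a walker that returns partial results, or a caller that assumes the count is valid, is exactly what lets guest-controlled descriptor tables drive the device model into uninitialized vectors.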
| Affected Software | Affected Version | How to fix |
|---|---|---|
| FreeBSD FreeBSD | =11.4 | |
| FreeBSD FreeBSD | =11.4-p1 | |
| FreeBSD FreeBSD | =11.4-p10 | |
| FreeBSD FreeBSD | =11.4-p11 | |
| FreeBSD FreeBSD | =11.4-p12 | |
| FreeBSD FreeBSD | =11.4-p13 | |
| FreeBSD FreeBSD | =11.4-p2 | |
| FreeBSD FreeBSD | =11.4-p3 | |
| FreeBSD FreeBSD | =11.4-p4 | |
| FreeBSD FreeBSD | =11.4-p5 | |
| FreeBSD FreeBSD | =11.4-p6 | |
| FreeBSD FreeBSD | =11.4-p7 | |
| FreeBSD FreeBSD | =11.4-p8 | |
| FreeBSD FreeBSD | =11.4-p9 | |
| FreeBSD FreeBSD | =12.2 | |
| FreeBSD FreeBSD | =12.2-p1 | |
| FreeBSD FreeBSD | =12.2-p10 | |
| FreeBSD FreeBSD | =12.2-p2 | |
| FreeBSD FreeBSD | =12.2-p3 | |
| FreeBSD FreeBSD | =12.2-p4 | |
| FreeBSD FreeBSD | =12.2-p5 | |
| FreeBSD FreeBSD | =12.2-p6 | |
| FreeBSD FreeBSD | =12.2-p7 | |
| FreeBSD FreeBSD | =12.2-p8 | |
| FreeBSD FreeBSD | =12.2-p9 | |
| FreeBSD FreeBSD | =13.0 | |
| FreeBSD FreeBSD | =13.0-p1 | |
| FreeBSD FreeBSD | =13.0-p2 | |
| FreeBSD FreeBSD | =13.0-p3 | |
The vulnerability ID for this FreeBSD vulnerability is CVE-2021-29631.
The severity of CVE-2021-29631 is high with a CVSS score of 7.8.
FreeBSD 13.0-STABLE, 12.2-STABLE, 11.4-STABLE, 13.0-RELEASE, 12.2-RELEASE, and 11.4-RELEASE are affected by CVE-2021-29631.
CVE-2021-29631 is a vulnerability in FreeBSD's bhyve hypervisor in which certain VirtIO device models did not handle errors when fetching I/O descriptors; a malicious guest can make the device model operate on uninitialized I/O vectors, corrupting memory, crashing the bhyve process (a denial of service) and possibly executing arbitrary code in the bhyve process.
To fix CVE-2021-29631, update to the patched FreeBSD versions: 13.0-RELEASE-p4, 12.2-RELEASE-p10 or 11.4-RELEASE-p13, or on -STABLE to 13.0-STABLE n246941-20f96f215562, 12.2-STABLE r370400 or 11.4-STABLE r370399 or later, then restart running bhyve instances so they pick up the corrected userland.