What is the vulnerability ID for this FreeBSD vulnerability?

The vulnerability ID for this FreeBSD vulnerability is CVE-2021-29631.

What is the severity of CVE-2021-29631?

The severity of CVE-2021-29631 is high with a CVSS score of 7.8.

Which versions of FreeBSD are affected by CVE-2021-29631?

FreeBSD 13.0-STABLE, 12.2-STABLE, 11.4-STABLE, 13.0-RELEASE, 12.2-RELEASE, and 11.4-RELEASE are affected by CVE-2021-29631.

What is the description of CVE-2021-29631?

CVE-2021-29631 is a vulnerability in FreeBSD's bhyve virtualization feature that allows a malicious guest to cause a denial-of-service condition.

How can I fix CVE-2021-29631?

Apply the necessary patches provided by FreeBSD to fix CVE-2021-29631.

Vulnerability/
CVE-2021-29631

high

7.8

CWE

908

30/8/2021

14/12/2021

CVE-2021-29631

First published: Mon Aug 30 2021(Updated: )

In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process.

Credit: secteam@freebsd.org

Affected Software	Affected Version	How to fix
FreeBSD FreeBSD	=11.4
FreeBSD FreeBSD	=11.4-p1
FreeBSD FreeBSD	=11.4-p10
FreeBSD FreeBSD	=11.4-p11
FreeBSD FreeBSD	=11.4-p12
FreeBSD FreeBSD	=11.4-p13
FreeBSD FreeBSD	=11.4-p2
FreeBSD FreeBSD	=11.4-p3
FreeBSD FreeBSD	=11.4-p4
FreeBSD FreeBSD	=11.4-p5
FreeBSD FreeBSD	=11.4-p6
FreeBSD FreeBSD	=11.4-p7
FreeBSD FreeBSD	=11.4-p8
FreeBSD FreeBSD	=11.4-p9
FreeBSD FreeBSD	=12.2
FreeBSD FreeBSD	=12.2-p1
FreeBSD FreeBSD	=12.2-p10
FreeBSD FreeBSD	=12.2-p2
FreeBSD FreeBSD	=12.2-p3
FreeBSD FreeBSD	=12.2-p4
FreeBSD FreeBSD	=12.2-p5
FreeBSD FreeBSD	=12.2-p6
FreeBSD FreeBSD	=12.2-p7
FreeBSD FreeBSD	=12.2-p8
FreeBSD FreeBSD	=12.2-p9
FreeBSD FreeBSD	=13.0
FreeBSD FreeBSD	=13.0-p1
FreeBSD FreeBSD	=13.0-p2
FreeBSD FreeBSD	=13.0-p3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the vulnerability ID for this FreeBSD vulnerability?
The vulnerability ID for this FreeBSD vulnerability is CVE-2021-29631.
What is the severity of CVE-2021-29631?
The severity of CVE-2021-29631 is high with a CVSS score of 7.8.
Which versions of FreeBSD are affected by CVE-2021-29631?
FreeBSD 13.0-STABLE, 12.2-STABLE, 11.4-STABLE, 13.0-RELEASE, 12.2-RELEASE, and 11.4-RELEASE are affected by CVE-2021-29631.
What is the description of CVE-2021-29631?
CVE-2021-29631 is a vulnerability in FreeBSD's bhyve virtualization feature that allows a malicious guest to cause a denial-of-service condition.
How can I fix CVE-2021-29631?
Apply the necessary patches provided by FreeBSD to fix CVE-2021-29631.

collector/nvd-index
vendor/freebsd
canonical/freebsd freebsd
version/freebsd freebsd/11.4
version/freebsd freebsd/11.4-p1
version/freebsd freebsd/11.4-p10
version/freebsd freebsd/11.4-p11
version/freebsd freebsd/11.4-p12
version/freebsd freebsd/11.4-p13
version/freebsd freebsd/11.4-p2
version/freebsd freebsd/11.4-p3
version/freebsd freebsd/11.4-p4
version/freebsd freebsd/11.4-p5
version/freebsd freebsd/11.4-p6
version/freebsd freebsd/11.4-p7
version/freebsd freebsd/11.4-p8
version/freebsd freebsd/11.4-p9
version/freebsd freebsd/12.2
version/freebsd freebsd/12.2-p1
version/freebsd freebsd/12.2-p10
version/freebsd freebsd/12.2-p2
version/freebsd freebsd/12.2-p3
version/freebsd freebsd/12.2-p4
version/freebsd freebsd/12.2-p5
version/freebsd freebsd/12.2-p6
version/freebsd freebsd/12.2-p7
version/freebsd freebsd/12.2-p8
version/freebsd freebsd/12.2-p9
version/freebsd freebsd/13.0
version/freebsd freebsd/13.0-p1
version/freebsd freebsd/13.0-p2
version/freebsd freebsd/13.0-p3