all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023-3494 (freebsd)

Add to bookmarks
Aug. 1, 2023, 11:15 p.m. |

National Vulnerability Database web.nvd.nist.gov

The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically …

buffer bug copy cve driver freebsd implementation interface machine malicious memory ports privileged process result running software state x86

Visit resource

More from web.nvd.nist.gov / National Vulnerability Database

CVE-2023-45955 (lightstrip_firmware) 6 months ago | web.nvd.nist.gov
attackers cve denial of service issue +1
CVE-2023-40101 (android) 6 months ago | web.nvd.nist.gov
android check collapse cve +7
CVE-2023-21377 (android) 6 months ago | web.nvd.nist.gov
android bypass cve disclosure +8
CVE-2023-21380 (android) 6 months ago | web.nvd.nist.gov
android bluetooth buffer buffer overflow +9
CVE-2023-21382 (android) 6 months ago | web.nvd.nist.gov
access android check cve +11
CVE-2023-21381 (android) 6 months ago | web.nvd.nist.gov
android arbitrary code code code execution +10
CVE-2023-21385 (android) 6 months ago | web.nvd.nist.gov
android corruption cve disclosure +7
CVE-2023-21387 (android) 6 months ago | web.nvd.nist.gov
android backup bypass cve +11
CVE-2023-21389 (android) 6 months ago | web.nvd.nist.gov
android bypass check cve +10

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Information Security Cyber Risk Analyst

@ Intel | USA - AZ - Chandler
View on infosec-jobs.com

Senior Cloud Security Engineer (Fullstack)

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Principal Product Security Engineer

@ Oracle | United States
View on infosec-jobs.com

Cybersecurity Strategy Director

@ Proofpoint | Sunnyvale, CA
View on infosec-jobs.com

Information Security Consultant/Auditor

@ Devoteam | Lisboa, Portugal
View on infosec-jobs.com

IT Security Engineer til Netcompany IT Services

@ Netcompany | Copenhagen, Denmark
View on infosec-jobs.com
View more jobs