Privilege escalation in FreeBSD
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 1 |
| CVE-ID | CVE-2018-17160 |
| CWE-ID | CWE-119 |
| Exploitation vector | Local network |
| Public exploit | N/A |
| Vulnerable software |
FreeBSD Operating systems & Components / Operating system |
| Vendor | FreeBSD Foundation |
Security Bulletin
This security bulletin contains one low risk vulnerability.
1) Buffer overflow
EUVDB-ID: #VU16236
Risk: Low
CVSSv4.0: 4.4 [CVSS:4.0/AV:A/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2018-17160
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the one of the device models provided by bhyve(8). A local privileged user on the guest operating system can overwrite memory within the bhyve process on the host operating system and crash the host system or execute arbitrary code with root privileges.
The vulnerability can be exploited with a UEFI image from the bhyve-firmware package.
Install updates from vendor's website.
Vulnerable software versionsFreeBSD: 11.2
CPE2.3 External linkshttps://www.freebsd.org/security/advisories/FreeBSD-SA-18:14.bhyve.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
