Security restrictions bypass in FreeBSD - CVE-2020-7467

 

Security restrictions bypass in FreeBSD - CVE-2020-7467

Published: September 16, 2020


Vulnerability identifier: #VU46744
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2020-7467
CWE-ID: CWE-264
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: FreeBSD Foundation
Affected software:
FreeBSD

Detailed vulnerability description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists in bhyve(8) hypervisor when processing instructions for AMD procesors sent from guest operating environmentas a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions is not trapped.

A remote user with access to guest operating system can run a specially crafted program to write to arbitrary memory locations on the host operating system.

Successful exploitation of the vulnerability may allow an attacker to gain full control over the  host operating system.

Note, the vulnerability affects systems running bhyve(8) on AMD processors only.


How to mitigate CVE-2020-7467

Install updates from vendor's website.

Sources