Permissions, Privileges, and Access Controls in FreeBSD - CVE-2024-25940
Published: February 15, 2024
Vulnerability identifier: #VU86551
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-25940
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
FreeBSD
Software vendor:
FreeBSD Foundation
Description
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to an incorrect implementation of the bhyveload(8) loader model. A maliciously crafted loader script (for example, one shipped inside an untrusted guest image that bhyveload(8) boots) can read host files accessible to the user running bhyveload(8), which is often root, and so exfiltrate sensitive data from the host. Exploitation requires the attacker to control the script that bhyveload(8) executes; it does not require privileges on the host beyond those of a user who can supply a guest image.
Remediation
Install updates from the vendor's website. Until the host is updated, do not boot untrusted guest images with bhyveload(8), in particular not as root.
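The advisory does not state which FreeBSD patch level carries the fix, so a practitioner verifying remediation has to compare what freebsd-version(1) reports for both kernel and userland against the fixed level given in the FreeBSD security advisory. The script below is an added example, not part of this advisory or of FreeBSD; it parses FreeBSD version strings of the form MAJOR.MINOR-RELEASE-pN and compares them. The fixed level 14.0-RELEASE-p5 used in the usage path is a placeholder assumption and must be replaced with the value from the vendor advisory.

```shell
#!/bin/sh
# Added example: decide whether an installed FreeBSD version string is at or
# above a fixed patch level. Not from the advisory; the fixed level is an
# assumption that must be taken from the FreeBSD security advisory.

# fbsd_ver_key "14.0-RELEASE-p5" prints "14 0 5" (major, minor, patch level).
# A version without a -pN suffix is treated as patch level 0.
fbsd_ver_key() {
    ver=$1
    base=${ver%%-*}          # "14.0"
    major=${base%%.*}        # "14"
    minor=${base#*.}         # "0"
    case $ver in
        *-p[0-9]*) patch=${ver##*-p} ;;   # "-p5" -> "5"
        *)         patch=0 ;;
    esac
    printf '%s %s %s\n' "$major" "$minor" "$patch"
}

# fbsd_is_patched <installed> <fixed>
#   returns 0 if installed is on the same MAJOR.MINOR branch as fixed and its
#   patch level is >= the fixed one, 1 if it is lower, 2 if the branches differ
#   (a different branch needs its own fixed level from the advisory).
fbsd_is_patched() {
    set -- $(fbsd_ver_key "$1") $(fbsd_ver_key "$2")
    [ "$1" -eq "$4" ] && [ "$2" -eq "$5" ] || return 2
    [ "$3" -ge "$6" ]
}

# check_host <fixed>: compare every version freebsd-version(1) reports
# (kernel and userland) with the fixed level. The host only counts as
# patched when both are at or above it, since bhyveload(8) is userland
# but the advisory-driven update also rebuilds the kernel.
check_host() {
    fixed=$1
    status=0
    for v in $(freebsd-version -ku); do
        if fbsd_is_patched "$v" "$fixed"; then
            echo "ok      $v (>= $fixed)"
        else
            echo "NOT OK  $v (below $fixed, or a different branch)"
            status=1
        fi
    done
    return $status
}

# Usage: sh check_bhyveload_patch.sh --check 14.0-RELEASE-p5
# (14.0-RELEASE-p5 is a placeholder; use the fixed level from the advisory)
if [ "${1:-}" = "--check" ]; then
    check_host "${2:-}"
fi
```

Run it with the fixed level for the branch the host actually tracks; a result of 2 from fbsd_is_patched means the branch does not match and the comparison is meaningless, which check_host reports as NOT OK rather than silently passing.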