Out-of-bounds write in FreeBSD

#VU20024 Out-of-bounds write in FreeBSD

Published: 2019-08-09 | Updated: 2022-07-12

Vulnerability identifier: #VU20024

Vulnerability risk: Medium

CVSSv3.1: 7 [CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2019-5609

CWE-ID: CWE-787

Exploitation vector: Local network

Exploit availability: No

Vulnerable software:
FreeBSD
Operating systems & Components / Operating system

Vendor: FreeBSD Foundation

Description

The vulnerability allows a remote authenticated user to compromise vulnerable system.

The vulnerability exists due to a boundary error within bhyve(8) hypervisor when processing TCP packets sent via the e1000 network adapters. A remote user with access to guest operating system can send specially crafted TCP packets, trigger out-of-bounds write and execute arbitrary code on the host system.

Mitigation

Install updates from vendor's website.

https://security.FreeBSD.org/patches/SA-19:21/bhyve.patch

Vulnerable software versions

FreeBSD: 11.2 - 12.0

External links
http://www.freebsd.org/security/advisories/FreeBSD-SA-19:21.bhyve.asc
http://www.zerodayinitiative.com/advisories/ZDI-22-949/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated user via the local network (LAN).

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in FreeBSD