Main Vulnerability Database Vulnerabilities #VU46744

#VU46744 Security restrictions bypass in FreeBSD - CVE-2020-7467

Published: September 16, 2020

Vulnerability identifier: #VU46744

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2020-7467

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
FreeBSD

Software vendor:
FreeBSD Foundation

Description

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists in bhyve(8) hypervisor when processing instructions for AMD procesors sent from guest operating environmentas a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions is not trapped.

A remote user with access to guest operating system can run a specially crafted program to write to arbitrary memory locations on the host operating system.

Successful exploitation of the vulnerability may allow an attacker to gain full control over the host operating system.

Note, the vulnerability affects systems running bhyve(8) on AMD processors only.

Remediation

Install updates from vendor's website.

External links

https://www.freebsd.org/security/advisories/FreeBSD-SA-20:29.bhyve_svm.asc

#VU46744 Security restrictions bypass in FreeBSD - CVE-2020-7467

Description

Remediation

External links

Please verify you're human