U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Vulnerability Change Records for CVE-2024-45063

Change History

New CVE Received from FreeBSD 9/05/2024 1:15:13 AM

Action Type Old Value New Value
Added Description

								
							
							
						
The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing.

Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.  Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.  A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.
Added CWE

								
							
							
						
FreeBSD CWE-416
Added Reference

								
							
							
						
FreeBSD https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc [No types assigned]