Total vulnerabilities in the database
An insufficient boundary validation in the USB code could lead to an out-of-bounds write on the heap, with data controlled by the caller.
A malicious, privileged software running in a guest VM can exploit the vulnerability to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.
| Software | From | Fixed in |
|---|---|---|
| freebsd / freebsd | 14.0 | 14.0.x |
| freebsd / freebsd | 14.0-beta5 | 14.0-beta5.x |
| freebsd / freebsd | 14.0-rc3 | 14.0-rc3.x |
| freebsd / freebsd | 14.0-rc4-p1 | 14.0-rc4-p1.x |
| freebsd / freebsd | 14.0-p1 | 14.0-p1.x |
| freebsd / freebsd | 14.0-p2 | 14.0-p2.x |
| freebsd / freebsd | 14.1 | 14.1.x |
| freebsd / freebsd | 14.1-p1 | 14.1-p1.x |
| freebsd / freebsd | 14.0-p4 | 14.0-p4.x |
| freebsd / freebsd | 14.0-p5 | 14.0-p5.x |
| freebsd / freebsd | 14.0-p6 | 14.0-p6.x |
| freebsd / freebsd | 14.0-p7 | 14.0-p7.x |
| freebsd / freebsd | 14.0-p3 | 14.0-p3.x |
| freebsd / freebsd | 13.3 | 13.3.x |
| freebsd / freebsd | 13.3-p1 | 13.3-p1.x |
| freebsd / freebsd | 13.3-p2 | 13.3-p2.x |
| freebsd / freebsd | 13.3-p3 | 13.3-p3.x |
| freebsd / freebsd | 14.1-p2 | 14.1-p2.x |
| freebsd / freebsd | 14.0-p8 | 14.0-p8.x |
| freebsd / freebsd | 13.3-p4 | 13.3-p4.x |
| freebsd / freebsd | 13.0 | 13.3 |
| freebsd / freebsd | 14.1-p3 | 14.1-p3.x |
| freebsd / freebsd | 14.0-p9 | 14.0-p9.x |
| freebsd / freebsd | 13.4-beta3 | 13.4-beta3.x |
| freebsd / freebsd | 13.3-p5 | 13.3-p5.x |