.webp?w=1200&resize=1200,0&ssl=1&description=FreeBSD+RCE+Vulnerability+Let+Attackers+Execute+Malicious+Code){kind=link}
.webp?w=1600&resize=1600,900&ssl=1 "FreeBSD RCE Vulnerability Let Attackers Execute Malicious Code")
FreeBSD has disclosed a vital distant code execution (RCE) vulnerability affecting its bhyve hypervisor.
This vulnerability, CVE-2024-41721, might permit attackers to execute malicious code on the host system. The advisory, which was introduced on September 19, 2024, credit Synacktiv with discovering the flaw.
CVE-2024-41721 – Vulnerability Particulars
As per a report by FreeBSD, the vulnerability resides within the XHCI emulation of the bhyve hypervisor, which is used to run visitor working programs inside digital machines.
Particularly, the problem stems from inadequate boundary validation within the USB code, resulting in an out-of-bounds learn on the heap.
This flaw could be exploited by malicious software program operating in a visitor VM to crash the hypervisor course of or obtain code execution on the host system.
The bhyve course of sometimes runs as root, rising the potential impression of this vulnerability.
Whereas bhyve operates inside a Capsicum sandbox, which limits the capabilities obtainable to processes, this doesn’t solely mitigate the chance posed by this vulnerability.
Techniques utilizing XHCI emulation are significantly in danger, as no workaround is offered for these configurations.
Decoding Compliance: What CISOs Must Know – Be part of Free Webinar
Affect and Affected Variations
This vulnerability impacts all supported variations of FreeBSD. Its potential impression is critical, because it permits attackers with privileged entry to visitor VMs to execute arbitrary code on the host system.
This might result in unauthorized entry or management over the host machine, posing a extreme safety menace to affected programs.
Right here’s a desk summarizing the impacted variations of FreeBSD and the corresponding corrections for the bhyve RCE vulnerability (CVE-2024-41721):
| FreeBSD Department/Model | Correction Date and Time (UTC) | Git Commit Hash |
| steady/14 | 2024-09-19 12:40:17 | 419da61f8203 |
| releng/14.1 | 2024-09-19 13:30:18 | 3c6c0dcb5acb |
| releng/14.0 | 2024-09-19 13:30:44 | ba46f1174972 |
| steady/13 | 2024-09-19 12:48:52 | 2abd2ad64899 |
| releng/13.4 | 2024-09-19 13:35:06 | 5f035df278cc |
| releng/13.3 | 2024-09-19 13:35:37 | e7a790dc3ffe |
To mitigate this vulnerability, customers ought to improve their FreeBSD programs to a model that features the patch launched on September 19, 2024.
The FreeBSD Undertaking offers two strategies for updating affected programs:
- Binary Patch Replace: Techniques operating a RELEASE model of FreeBSD could be up to date utilizing the FreeBSD-update utility. This entails fetching and putting in the most recent updates through command-line directions.
- Supply Code Patch Replace: Customers can obtain and confirm patches from FreeBSD’s safety web site and apply them manually utilizing command-line instruments. This methodology requires recompiling the working system utilizing construct world and set up world procedures.
After making use of updates or patches, it’s essential to restart any visitor working programs utilizing USB units with XHCI emulation to make sure that the corrections take impact.
Are You From SOC/DFIR Groups? - Attempt Superior Malware and Phishing Evaluation With ANY.RUN - 14-day free trial