Date: Wed, 25 Aug 2021 06:15:06 GMT From: Philip Paeps <philip@FreeBSD.org> To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org Subject: git: 7f941a9b8816 - main - security/vuxml: add FreeBSD SA-21:13.bhyve Message-ID: <202108250615.17P6F6OS075006@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by philip: URL: https://cgit.FreeBSD.org/ports/commit/?id=7f941a9b8816f83d3975a29da316a5b75c3400a2 commit 7f941a9b8816f83d3975a29da316a5b75c3400a2 Author: Philip Paeps <philip@FreeBSD.org> AuthorDate: 2021-08-25 06:14:15 +0000 Commit: Philip Paeps <philip@FreeBSD.org> CommitDate: 2021-08-25 06:14:15 +0000 security/vuxml: add FreeBSD SA-21:13.bhyve --- security/vuxml/vuln-2021.xml | 33 +++++++++++++++++++++++++++++++++ 1 file changed, 33 insertions(+) diff --git a/security/vuxml/vuln-2021.xml b/security/vuxml/vuln-2021.xml index 4cb1e5d0ab51..512f2a41a99a 100644 --- a/security/vuxml/vuln-2021.xml +++ b/security/vuxml/vuln-2021.xml @@ -1,3 +1,36 @@ + <vuln vid="a6d5d4c1-0564-11ec-b69d-4062311215d5"> + <topic>FreeBSD -- Missing error handling in bhyve(8) device models</topic> + <affects> + <package> + <name>FreeBSD</name> + <range><ge>13.0</ge><lt>13.0_4</lt></range> + <range><ge>12.2</ge><lt>12.2_10</lt></range> + <range><ge>11.4</ge><lt>11.4_13</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml">; + <h1>Problem Description:</h1> + <p>Certain VirtIO-based device models failed to handle errors when fetching + I/O descriptors. Such errors could be triggered by a malicious guest. + As a result, the device model code could be tricked into operating on + uninitialized I/O vectors, leading to memory corruption.</p> + <h1>Impact:</h1> + <p>A malicious guest may be able to crash the bhyve process. It may be + possible to exploit the memory corruption bugs to achieve arbitrary code + execution in the bhyve process.</p> + </body> + </description> + <references> + <cvename>CVE-2021-29631</cvename> + <freebsdsa>SA-21:13.bhyve</freebsdsa> + </references> + <dates> + <discovery>2021-08-24</discovery> + <entry>2021-08-25</entry> + </dates> + </vuln> + <vuln vid="96811d4a-04ec-11ec-9b84-d4c9ef517024"> <topic>OpenSSL -- multiple vulnerabilities</topic> <affects>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202108250615.17P6F6OS075006>