The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process, which typically runs as root, mitigated by the capabilities assigned through the Capsicum sandbox available to the bhyve process.
Published 2023-08-01 23:15:31
Updated 2023-08-31 19:15:11
Source FreeBSD
Vulnerability category: Overflow

Exploit prediction scoring system (EPSS) score for CVE-2023-3494

EPSS score: 0.04% (probability of exploitation activity in the next 30 days)
EPSS percentile: ~6% (the proportion of vulnerabilities that are scored at or less)

CVSS scores for CVE-2023-3494

Base Score: 8.8
Base Severity: HIGH
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Exploitability Score: 2.0
Impact Score: 6.0
Score Source: NIST
