mirror of
https://github.com/0xMarcio/cve.git
synced 2025-11-28 18:48:49 +00:00
1.6 KiB
1.6 KiB
CVE-2024-8178
Description
The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it.Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.
POC
Reference
No PoCs from references.