Vulnerability Description
bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Freebsd | Freebsd | <= 11.2 |
| Omniosce | Omnios | <= r151034 |
| Openindiana | Openindiana | <= hipster_2020.04 |
| Netapp | Clustered Data Ontap | - |
Related Weaknesses (CWE)
References
- https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872fExploitThird Party Advisory
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.ascVendor Advisory
- https://security.netapp.com/advisory/ntap-20201016-0002/Third Party Advisory
- https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872fExploitThird Party Advisory
- https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.ascVendor Advisory
- https://security.netapp.com/advisory/ntap-20201016-0002/Third Party Advisory
FAQ
What is CVE-2020-24718?
CVE-2020-24718 is a vulnerability with a CVSS score of 8.2 (HIGH). bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonst...
How severe is CVE-2020-24718?
CVE-2020-24718 has been rated HIGH with a CVSS base score of 8.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-24718?
Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd, Omniosce Omnios, Openindiana Openindiana, Netapp Clustered Data Ontap.