SB2023080234 - Multiple vulnerabilities in FreeBSD

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) State Issues (CVE-ID: CVE-2023-3494)

The vulnerability allows an attacker to escalate privileges on the system.

The vulnerability exists due to an error in the state machine implementation within the bhyve fwctl driver, which is executed when a bhyve guest accesses certain x86 I/O ports. A malicious, privileged software running in a guest VM can exploit the state issue to trigger buffer overflow and achieve code execution on the host in the bhyve userspace process.

2) Integer overflow (CVE-ID: CVE-2023-3107)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in the calculation of a fragment reassembled packet's payload length field when processing IPv6 traffic. A remote attacker can send specially crafted IPv6 packets to the affected system, trigger an integer overflow and perform a denial of service (DoS) attack.

Remediation

Install update from vendor's website.

References

• https://security.FreeBSD.org/advisories/FreeBSD-SA-23:07.bhyve.asc
• https://security.FreeBSD.org/advisories/FreeBSD-SA-23:06.ipv6.asc