Multiple vulnerabilities in FreeBSD
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2023-3494 CVE-2023-3107 |
| CWE-ID | CWE-371 CWE-190 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
FreeBSD Operating systems & Components / Operating system |
| Vendor | FreeBSD Foundation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) State Issues
EUVDB-ID: #VU78875
Risk: Medium
CVSSv4.0: 6.1 [CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-3494
CWE-ID:
CWE-371 - State Issues
Exploit availability: No
DescriptionThe vulnerability allows an attacker to escalate privileges on the system.
The vulnerability exists due to an error in the state machine implementation within the bhyve fwctl driver, which is executed when a bhyve guest accesses certain x86 I/O ports. A malicious, privileged software running in a guest VM can exploit the state issue to trigger buffer overflow and achieve code execution on the host in the bhyve
userspace process.
Install updates from vendor's website.
Vulnerable software versionsFreeBSD: 13.1 - 13.2
CPE2.3- cpe:2.3:o:freebsd_foundation:freebsd:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:13.2:*:*:*:*:*:*:*
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:07.bhyve.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Integer overflow
EUVDB-ID: #VU78873
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-3107
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in the calculation of a fragment reassembled packet's payload length field when processing IPv6 traffic. A remote attacker can send specially crafted IPv6 packets to the affected system, trigger an integer overflow and perform a denial of service (DoS) attack.
Install updates from vendor's website.
Vulnerable software versionsFreeBSD: 12.0 - 13.2
CPE2.3- cpe:2.3:o:freebsd_foundation:freebsd:12.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:12.1:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:12.2-RELEASE-p6:*:*:*:*:*:*:*
https://security.FreeBSD.org/advisories/FreeBSD-SA-23:06.ipv6.asc
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
