Multiple vulnerabilities in FreeBSD
| Risk | Low |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-25940 CVE-2024-25941 |
| CWE-ID | CWE-264 CWE-200 |
| Exploitation vector | Local |
| Public exploit | N/A |
| Vulnerable software |
FreeBSD Operating systems & Components / Operating system |
| Vendor | FreeBSD Foundation |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU86551
Risk: Low
CVSSv4.0: 5.8 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-25940
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to incorrect implementation of the bhyveload(8) model. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8), which is often the system root.
Install updates from vendor's website.
Vulnerable software versionsFreeBSD: 13.2 - 14.0
CPE2.3- cpe:2.3:o:freebsd_foundation:freebsd:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:14.0:*:*:*:*:*:*:*
https://security.freebsd.org/advisories/FreeBSD-SA-24:01.bhyveload.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Information disclosure
EUVDB-ID: #VU86550
Risk: Low
CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-25941
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due information disclosure in jail(2) system call. A local user can get information about TTYs allocated on the host or in other jails. Mitigation
Install updates from vendor's website.
Vulnerable software versionsFreeBSD: 13.2 - 14.0
CPE2.3- cpe:2.3:o:freebsd_foundation:freebsd:13.2:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd_foundation:freebsd:14.0:*:*:*:*:*:*:*
https://security.freebsd.org/advisories/FreeBSD-SA-24:02.tty.asc
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
