A critical vulnerability has been uncovered in the FreeBSD hypervisor, bhyve, that allows malicious software within a guest virtual machine (VM) to execute arbitrary code on the host system.
This flaw, tracked as CVE-2024-41721, impacts all supported FreeBSD versions and has since been addressed by the FreeBSD Project.
bhyve, the hypervisor that runs guest operating systems in VMs, performs insufficient bounds checking in its USB emulation code. The result is an out-of-bounds read on the heap, which can lead to arbitrary code execution or a crash.
Privileged software running inside a guest VM can exploit this vulnerability to crash the hypervisor or execute code on the host, where the bhyve process runs as root. However, bhyve runs inside a Capsicum sandbox, which limits the damage to the capabilities granted to that bhyve process.
Solutions and Workarounds
No workaround is available for this vulnerability, but systems that do not use XHCI emulation are not affected. To resolve the issue, FreeBSD users are urged to update to a supported stable or security release branch dated after the correction date.
The update can be applied either as a binary patch using the freebsd-update utility or by recompiling the operating system with the source code patch. The fix is contained in the following Git commits on the stable and release branches:
- stable/14: 419da61f8203
- releng/14.1: 3c6c0dcb5acb
- releng/14.0: ba46f1174972
- stable/13: 2abd2ad64899
- releng/13.4: 5f035df278cc
- releng/13.3: e7a790dc3ffe
Users are strongly advised to update their systems promptly and restart the bhyve processes or reboot the system to ensure the fix is applied. Prioritizing these security updates is critical to safeguarding against potential exploitation.
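Since exposure depends on whether a guest was started with an XHCI device, a host operator will want to know which running bhyve processes are affected. The following shell script is an added example, not part of the advisory or of FreeBSD's own tooling; it assumes bhyve's `-s slot,emulation[,conf]` device syntax and a `ps` that accepts `-o pid=,args=`.

```shell
#!/bin/sh
# Added example: flag bhyve command lines that configure XHCI emulation,
# the precondition the advisory names for exposure to CVE-2024-41721.
# bhyve attaches emulated PCI devices with "-s slot,emulation[,conf]";
# the XHCI controller is the "xhci" emulation (e.g. "-s 30,xhci,tablet").

# bhyve_uses_xhci "<full bhyve command line>"
# Exit status 0 if an xhci device is configured, 1 otherwise.
bhyve_uses_xhci() {
    set -f                 # no globbing while we split the command line
    set -- $1              # split on whitespace into positional parameters
    set +f
    prev=""
    while [ $# -gt 0 ]; do
        arg=$1
        spec=""
        if [ "$prev" = "-s" ]; then
            spec=$arg                       # "-s 30,xhci,tablet" form
        else
            case $arg in
                -s?*) spec=${arg#-s} ;;     # "-s30,xhci,tablet" form
            esac
        fi
        if [ -n "$spec" ]; then
            emul=${spec#*,}                 # drop the slot (or slot:func)
            emul=${emul%%,*}                # keep only the emulation name
            [ "$emul" = "xhci" ] && return 0
        fi
        prev=$arg
        shift
    done
    return 1
}

# Walk the process table and report each bhyve guest's exposure.
scan_running_bhyve() {
    ps -axo pid=,args= | while read -r pid args; do
        case $args in
            bhyve\ *|*/bhyve\ *)
                if bhyve_uses_xhci "$args"; then
                    echo "$pid: xhci configured, affected until patched and restarted"
                else
                    echo "$pid: no xhci device, not affected by CVE-2024-41721"
                fi ;;
        esac
    done
}

# Constructed sample command lines (not captured from a real host):
for line in "bhyve -c 2 -m 1G -s 0,hostbridge -s 30,xhci,tablet -s 31,lpc vm0" \
            "bhyve -c 2 -m 1G -s0,hostbridge -s31,lpc vm1"; do
    bhyve_uses_xhci "$line" && echo "affected: $line" || echo "not affected: $line"
done
```

Run `scan_running_bhyve` on the host after applying the update to confirm that no pre-patch guest with an XHCI device is still running.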