In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE...
Critical severity
Unreviewed
Published
May 24, 2022
to the GitHub Advisory Database
•
Updated Mar 9, 2023
Description
Published by the National Vulnerability Database
Jul 26, 2019
Published to the GitHub Advisory Database
May 24, 2022
Last updated
Mar 9, 2023
In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350247, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, the emulated XHCI device included with the bhyve hypervisor did not properly validate data provided by the guest, allowing an out-of-bounds read. This provides a malicious guest the possibility to crash the system or access system memory.
References