FreeBSD bhyve Privileged Guest Escape via USB Controller (SA-24:12)

From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: bhyve(8) privileged guest escape via USB controller - Vulnerability Type: Core module - Module: bhyve - Release Date: September 4, 2024 - Fix Date: September 4, 2024 - Affected Versions: All supported FreeBSD versions - Fixed Versions: - 14.1-STABLE - 14.1-RELEASE-p4 - 14.0-RELEASE-p10 - 13.4-STABLE - 13.4-RC2-p1 - 13.3-RELEASE-p6 2. Impact: - A malicious, privileged software running inside a guest VM can exploit this vulnerability to execute code within the host's bhyve userspace process, which typically runs with root privileges. - bhyve runs within a Capsicum sandbox, so the malicious code is restricted by the capabilities available to the bhyve process. 3. Solution: - Workaround: No workaround is available, but VMs that do not expose XHCI devices to the guest (via ) are unaffected. - Solution: Upgrade to a version of FreeBSD from a supported stable or release branch (relenge) dated after the fix. - Patches: - Update the system using binary patches: - Update the system using source patches: 1. Download the relevant patch and verify its PGP signature. 2. Apply the patch. 3. Recompile the operating system. 4. Fix Details: - The issue has been fixed in the following stable and release branches via corresponding Git commit hashes: - stable/14/ - releng/14.1/ - releng/14.0/ - stable/13/ - releng/13.4/ - releng/13.3/ 5. References: - The latest revision of this advisory is available at the following URL: This information provides a detailed description of the bhyve(8) vulnerability, its impact, solutions, and fix details.

Goal Reached Thanks to every supporter — we hit 100%!

FreeBSD bhyve Privileged Guest Escape via USB Controller (SA-24:12)