Bhyve · CVE-2023-3494
**Name of the Vulnerable Software and Affected Versions**
bhyve (affected versions not specified)
**Description**
A bug in the state machine implementation of the fwctl driver can result in a buffer overflow when a guest VM copies a string into a buffer in the bhyve process's memory. Malicious, privileged software running in a guest VM can exploit this to achieve code execution on the host in the bhyve userspace process, which typically runs as root. The risk is mitigated by the Capsicum sandbox, which restricts the capabilities available to the bhyve process.
**Recommendations**
At the moment, there is no information about a newer version that contains a fix for this vulnerability.