CVE-2016-1889

Name of the Vulnerable Software and Affected Versions bhyve versions 10.1 through 11.0

Description The issue is related to an integer overflow in the bhyve hypervisor when it is configured with a large amount of guest memory. This allows local users to gain privileges via a crafted device descriptor.

Recommendations For versions 10.1 through 11.0, consider restricting the amount of guest memory allocated to the bhyve hypervisor to minimize the risk of exploitation. As a temporary workaround, limit the use of crafted device descriptors until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.