PT-2018-3339 · Freebsd · Freebsd+1
Reno Robert
·
Published
2018-12-04
·
Updated
2020-08-24
·
CVE-2018-17160
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
FreeBSD 11.2-STABLE prior to r341486
FreeBSD 11.2-RELEASE prior to 11.2-RELEASE-p6
Description:
Insufficient bounds checking in one of the device models provided by bhyve(8), the FreeBSD hypervisor, lets a guest operating system overwrite memory in the bhyve process on the host (FreeBSD-SA-18:14.bhyve). The device models are host userland code that runs as root, so the overwrite is a guest-to-host escape: a guest OS using a firmware image can cause the bhyve process to crash or possibly execute arbitrary code on the host as root.
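The bug class the advisory describes, as an added example that is not bhyve's code and does not reproduce the affected device model: a guest fills a descriptor ring, the host gathers the chain into a fixed-size table, and nothing in the vulnerable walk ties the chain length chosen by the guest to the host table's capacity. The ring size, table size, field names and the `gather_*` / `build_chain` helpers are all assumptions made for this illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed illustration of the bug class: a guest-controlled descriptor
 * chain gathered into a fixed-size host table. This is NOT bhyve's code and
 * does not reproduce the affected device model; every name and size below
 * is an assumption made for the example.
 */

#define RING_SIZE 64   /* guest-visible descriptor ring (assumed) */
#define MAX_SEGS  8    /* host-side gather table capacity (assumed) */

struct desc {          /* one guest-written descriptor */
    uint64_t addr;     /* guest-physical buffer address */
    uint32_t len;      /* buffer length */
    uint8_t  eop;      /* end-of-packet: last descriptor of the chain */
};

struct seg {           /* one host-side gather entry */
    uint64_t addr;
    uint32_t len;
};

/*
 * Vulnerable: follows the chain until the guest sets EOP. Nothing ties the
 * chain length to MAX_SEGS, so a guest that leaves EOP clear on the first
 * MAX_SEGS descriptors drives nseg past the table and the stores land in
 * whatever the host keeps after segs[]. The loop only gives up after a
 * full lap of the ring, far too late.
 */
static int gather_vulnerable(const struct desc *ring, unsigned head,
                             struct seg *segs /* sized MAX_SEGS */)
{
    unsigned nseg = 0;

    while (nseg < RING_SIZE) {
        const struct desc *d = &ring[head % RING_SIZE];
        segs[nseg].addr = d->addr;      /* no nseg < MAX_SEGS check */
        segs[nseg].len  = d->len;
        nseg++;
        head++;
        if (d->eop)
            return (int)nseg;
    }
    return -1;                          /* no EOP in a whole ring */
}

/*
 * Hardened: the host's capacity bounds the walk, and a chain that does not
 * terminate within it is rejected (dropped) rather than written out of
 * bounds. The guest still chooses the chain; it no longer chooses how far
 * the host writes.
 */
static int gather_hardened(const struct desc *ring, unsigned head,
                           struct seg *segs, size_t cap)
{
    size_t nseg = 0;

    while (nseg < cap) {
        const struct desc *d = &ring[head % RING_SIZE];
        segs[nseg].addr = d->addr;
        segs[nseg].len  = d->len;
        nseg++;
        head++;
        if (d->eop)
            return (int)nseg;
    }
    return -1;                          /* chain longer than the table */
}

/* Build a constructed chain of n descriptors starting at ring slot 0. */
static void build_chain(struct desc *ring, unsigned n)
{
    memset(ring, 0, sizeof(*ring) * RING_SIZE);
    for (unsigned i = 0; i < n; i++) {
        ring[i].addr = 0x10000 + (uint64_t)i * 0x1000;
        ring[i].len  = i + 1;
        ring[i].eop  = (i + 1 == n);
    }
}

int main(void)
{
    struct desc ring[RING_SIZE];
    /* Oversized backing store so the overrun stays observable (and defined)
     * here; real code would have MAX_SEGS entries and the writes past
     * [MAX_SEGS-1] would corrupt adjacent host memory. */
    struct seg backing[RING_SIZE];

    build_chain(ring, 12);              /* longer than MAX_SEGS */

    memset(backing, 0, sizeof(backing));
    printf("vulnerable: returned %d, wrote segs[11].len=%u (past capacity %d)\n",
           gather_vulnerable(ring, 0, backing), backing[11].len, MAX_SEGS);

    memset(backing, 0, sizeof(backing));
    printf("hardened:   returned %d, segs[%d].len=%u (untouched)\n",
           gather_hardened(ring, 0, backing, MAX_SEGS), MAX_SEGS,
           backing[MAX_SEGS].len);
    return 0;
}
```

The point to carry over to any device model: the loop bound must come from the host-side allocation, never from a termination flag the guest controls, and a chain that exceeds it is an error to reject, not a size to grow into.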
Recommendations:
For 11.2-STABLE prior to r341486, update to r341486 or later.
For 11.2-RELEASE prior to 11.2-RELEASE-p6, update to 11.2-RELEASE-p6 or later.
The FreeBSD advisory lists no workaround; only hosts that run bhyve guests are affected. The fix is in the bhyve userland binary, so guests that are already running keep the vulnerable code until they are restarted after the update. Until then, treat any untrusted guest as able to obtain root on the host.
Fix
Memory Corruption
RCE
Related Identifiers
Affected Products
Freebsd
Bhyve