PT-2019-17778 · FreeBSD · FreeBSD
Reno Robert · Published 2019-08-06 · Updated 2023-01-31 · CVE-2019-5609
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
FreeBSD versions 11.2-RELEASE through 11.2-RELEASE-p12
FreeBSD versions 11.3-RELEASE through 11.3-RELEASE-p1
FreeBSD versions 12.0-RELEASE through 12.0-RELEASE-p8
Description
The issue arises from the bhyve e1000 device emulation, which uses a guest-provided value to determine the size of the on-stack buffer without validation when TCP segmentation offload is requested for a transmitted packet. This allows a misbehaving bhyve guest to potentially overwrite memory in the bhyve process on the host.
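The class of check that closes this kind of bug, as an added example (not code from the advisory or from the bhyve source): a guest-supplied TSO header length is validated against fixed bounds before it is used to copy into a fixed-size host buffer. The struct, function name and the HDR_MIN/HDR_MAX limits are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed limits for this sketch; not taken from the bhyve source. */
#define HDR_MIN 54u   /* Ethernet (14) + IPv4 (20) + TCP (20) */
#define HDR_MAX 240u  /* assumed cap on the header a guest may claim */

/* Hypothetical view of the guest-written TSO context. */
struct tso_ctx {
    uint16_t hdr_len; /* guest-controlled: claimed header length */
    uint16_t mss;     /* guest-controlled: payload bytes per segment */
};

/*
 * Copy the packet header into a fixed-size host buffer.
 * Returns the header length, or -1 if the guest values are rejected.
 * The unsafe pattern sizes the stack buffer from ctx->hdr_len itself,
 * so the guest, not the host, decides how much stack is consumed.
 */
int tso_copy_header(const struct tso_ctx *ctx, const uint8_t *pkt,
                    size_t pkt_len, uint8_t *hdr, size_t hdr_cap)
{
    size_t n = ctx->hdr_len;

    if (n < HDR_MIN || n > HDR_MAX) /* outside any plausible header */
        return -1;
    if (n > hdr_cap)                /* must fit the host buffer */
        return -1;
    if (n >= pkt_len)               /* TSO needs payload after the header */
        return -1;
    if (ctx->mss == 0)              /* zero MSS would never make progress */
        return -1;
    memcpy(hdr, pkt, n);
    return (int)n;
}

int main(void)
{
    uint8_t pkt[1500] = {0}, hdr[HDR_MAX]; /* constructed sample frame */
    struct tso_ctx good = { 54, 1460 }, bad = { 0xFFFF, 1460 };

    printf("good: %d\n", tso_copy_header(&good, pkt, sizeof pkt, hdr, sizeof hdr));
    printf("bad:  %d\n", tso_copy_header(&bad, pkt, sizeof pkt, hdr, sizeof hdr));
    return 0;
}
```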
Recommendations
For FreeBSD versions 11.2-RELEASE through 11.2-RELEASE-p12, update to 11.2-RELEASE-p13 or later.
For FreeBSD versions 11.3-RELEASE through 11.3-RELEASE-p1, update to 11.3-RELEASE-p2 or later.
For FreeBSD versions 12.0-RELEASE through 12.0-RELEASE-p8, update to 12.0-RELEASE-p9 or later.
Fix
Memory Corruption
Affected Products
FreeBSD