CVE-2020-24718

Name of the Vulnerable Software and Affected Versions bhyve versions prior to the fixed version in FreeBSD through 12.1 bhyve as used in illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04)

Description The issue is related to the improper restriction of VMCS and VMCB read/write operations. This can be exploited by a root user in a container on an Intel system to gain privileges by modifying VMCS HOST RIP.

Recommendations For bhyve as used in FreeBSD through 12.1, update to a version that includes the fix for this issue. For bhyve as used in illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), consider restricting access to VMCS and VMCB operations until a patch is available.