PT-2024-1817 · FreeBSD · bhyveload

Published: 2024-02-14 · Updated: 2024-04-19 · CVE-2024-25940

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

bhyveload versions prior to the fixed version

Description

The issue is in the bhyveload module in FreeBSD and stems from incorrect restriction of access to the host-path directory. This could allow a remote attacker to gain unauthorized access to protected information by loading a specially crafted malicious script. The bhyveload -h <host-path> command may be used to grant the loader access to a directory tree on the host. However, affected versions of bhyveload do not restrict the loader's access to <host-path>, allowing it to read any file the host user has access to. A maliciously crafted script could be used to exfiltrate sensitive data from the host that is accessible to the user running bhyveload, which is often root.

Recommendations

For versions prior to the fixed version, consider restricting access to the bhyveload command and limiting the directories that can be accessed through the <host-path> parameter until a patch is available. As a temporary workaround, avoid using the bhyveload -h <host-path> command with untrusted scripts or guest images. Restrict the loader's access to sensitive files and directories on the host to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
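
The description says affected versions did not confine the loader to <host-path>. The following is an added example, not code from bhyveload or the FreeBSD fix: a containment check that resolves a requested path and accepts it only if it stays under the root. The function names and the directory tree under /tmp are assumptions constructed for the demonstration.

```c
#define _XOPEN_SOURCE 700
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Hypothetical helper: 1 if `requested`, relative to host_root, resolves inside it. */
int path_within_root(const char *host_root, const char *requested)
{
    char root[PATH_MAX], joined[PATH_MAX * 2], target[PATH_MAX];

    if (realpath(host_root, root) == NULL)
        return 0;
    if (snprintf(joined, sizeof(joined), "%s/%s", root, requested) >= (int)sizeof(joined))
        return 0;                   /* too long: refuse */
    if (realpath(joined, target) == NULL)
        return 0;                   /* missing or unresolvable: refuse */
    size_t n = strlen(root);
    if (n == 1)                     /* root is "/": nothing lies outside it */
        return 1;
    /* Match on a component boundary: /vm/guest2 is not inside /vm/guest. */
    return strncmp(target, root, n) == 0 && (target[n] == '/' || target[n] == '\0');
}

/* Builds a constructed tree under /tmp; returns one bit per accepted request. */
int run_demo(void)
{
    char base[] = "/tmp/hostpath-demo-XXXXXX";
    const char *req[] = { "kernel", "../secret", "link", "../guest2/kernel" };
    int bits = 0;

    if (mkdtemp(base) == NULL || chdir(base) != 0)
        return -1;
    if (mkdir("guest", 0700) != 0 || mkdir("guest2", 0700) != 0)
        return -1;
    close(open("guest/kernel", O_CREAT | O_WRONLY, 0600));
    close(open("guest2/kernel", O_CREAT | O_WRONLY, 0600));
    close(open("secret", O_CREAT | O_WRONLY, 0600));
    if (symlink("../secret", "guest/link") != 0)   /* link pointing out of the root */
        return -1;
    for (int i = 0; i < 4; i++)
        bits |= path_within_root("guest", req[i]) << i;
    return bits;                                   /* 1: only "kernel" is accepted */
}

int main(void) { printf("accepted mask: %d\n", run_demo()); return 0; }
```

A check followed by a separate open is open to a race if the tree can change in between, so a production implementation should hold a descriptor for the root and let the kernel enforce the boundary, for example with openat(2) and O_RESOLVE_BENEATH on FreeBSD.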

Weakness Enumeration

Path traversal
Insecure Storage of Sensitive Information

Related Identifiers

BDU:2024-01560
CVE-2024-25940
FREEBSD-SA-24_01

Affected Products

FreeBSD
bhyveload