CVE-2024-39281

Name of the Vulnerable Software and Affected Versions FreeBSD (affected versions not specified)

Description The issue allows the caller to specify an arbitrary size using the ctl persistent reserve out command, which will be passed to the kernel's memory allocator. This could potentially lead to unbounded allocation in the ctl(4) CAM Target Layer. There is a mention of potential exploitation over unauthenticated iSCSI connections, but no further details are provided.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.