CVE-2024-32668

Name of the Vulnerable Software and Affected Versions bhyve (affected versions not specified)

Description The issue is related to an insufficient boundary validation in the USB code, which could lead to an out-of-bounds write on the heap, with data controlled by the caller. A malicious, privileged software running in a guest VM can exploit this to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.