CVE-2020-24718

Name: CVE-2020-24718
Creator: NVD / NIST
Published: 2020-09-25T04:23:04.683+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 8.2/10EPSS 0.60%

Last modified Jun 17, 2026

CVE-2020-24718 is a high-severity vulnerability rated 8.2/10 on the CVSS scale. bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.. EPSS estimates a 0.60% chance of exploitation in the next 30 days.

Description

bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.

Metrics

CVSS 3.1

8.2/10

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Probability

0.60%

44.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-862

Affected Software

Vendor	Product	Versions
Freebsd	Freebsd	<= 11.2
Freebsd	Freebsd	11.3
Freebsd	Freebsd	11.4
Freebsd	Freebsd	12.0
Freebsd	Freebsd	12.1
Omniosce	Omnios	<= r151034
Openindiana	Openindiana	<= hipster_2020.04
Netapp	Clustered Data Ontap	All versions

References

https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249Exploit, Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.ascVendor Advisory
https://security.netapp.com/advisory/ntap-20201016-0002/Third Party Advisory
https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249Exploit, Third Party Advisory
https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.ascVendor Advisory
https://security.netapp.com/advisory/ntap-20201016-0002/Third Party Advisory

Timeline

Published: Sep 25, 2020
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2020-24718?

How severe is CVE-2020-24718?

CVE-2020-24718 has a CVSS score of 8.2/10 (HIGH severity). The EPSS model estimates a 0.60% probability of exploitation in the next 30 days.

How do I fix CVE-2020-24718?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2020-24718?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST