CVE-2023-3494

Severity: HIGH | CVSS 8.8/10 | EPSS 0.22%

CVE-2023-3494 is a high-severity vulnerability (CVSS 8.8/10) in the fwctl driver of FreeBSD's bhyve hypervisor. The fwctl driver implements a state machine that runs when a bhyve guest accesses certain x86 I/O ports, and the interface lets the guest copy a string into a buffer in the bhyve process' memory; a bug in that state machine lets the copy overflow the buffer. Because the attacker is privileged code inside a guest and the target is the host-side bhyve process, a successful exploit is a guest-to-host escape. EPSS estimates a 0.22% chance of exploitation in the next 30 days.

Description

The fwctl driver implements a state machine that is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can cause that buffer to overflow while the string is being copied. Malicious, privileged software running in a guest VM (it must be able to issue I/O port accesses, so unprivileged guest user code cannot trigger it directly) can exploit the overflow to achieve code execution on the host inside the bhyve userspace process. That process typically runs as root; the impact is mitigated by the Capsicum sandbox the bhyve process enters, which limits the capabilities available to code running in it.
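The description above names the shape of the bug (a port-driven state machine trusting a guest-supplied length while copying into a fixed buffer) without showing it. The following is an added, simplified model written for this page; it is not bhyve's fwctl code, and the port protocol, state names, buffer size and the `hardened` switch are all assumptions made for illustration. The guest first writes a 32-bit length, then the string four bytes per write. The vulnerable path trusts the declared length; the hardened path refuses any length beyond the buffer and parks the state machine in an error state until the next reset. Memory beyond the request buffer is modelled as an adjacent region so the overflow can be observed without undefined behaviour.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REQ_BUF_LEN 64              /* assumed size of the fixed request buffer */
#define MODEL_MEM   (2 * REQ_BUF_LEN)

enum fw_state { FW_IDLE, FW_DATA, FW_DONE, FW_ERROR };

struct fwctl_model {
    /* mem[0..REQ_BUF_LEN) is the request buffer; the bytes after it stand in
     * for whatever follows the buffer in the real process (other fields,
     * heap metadata, ...). This is a model, not bhyve's memory layout. */
    uint8_t       mem[MODEL_MEM];
    enum fw_state state;
    uint32_t      req_len;   /* guest-declared length, taken from the first write */
    uint32_t      off;       /* bytes copied so far */
    int           hardened;  /* 0: trust req_len (the bug); 1: bound it */
};

static void fwctl_reset(struct fwctl_model *m, int hardened)
{
    memset(m, 0, sizeof *m);
    m->state = FW_IDLE;
    m->hardened = hardened;
}

/* Emulates one 32-bit guest write to the (assumed) fwctl data port. */
static void fwctl_port_write(struct fwctl_model *m, uint32_t v)
{
    switch (m->state) {
    case FW_IDLE:
        /* First word: the guest declares how many string bytes follow. */
        if (m->hardened && v > REQ_BUF_LEN) {
            m->state = FW_ERROR;    /* refuse; ignore the rest of the request */
            return;
        }
        m->req_len = v;
        m->off = 0;
        m->state = (v == 0) ? FW_DONE : FW_DATA;
        return;
    case FW_DATA:
        /* Following words: four string bytes each, least significant first. */
        for (int i = 0; i < 4 && m->off < m->req_len; i++, m->off++) {
            if (m->hardened && m->off >= REQ_BUF_LEN) {
                m->state = FW_ERROR;    /* defence in depth: never write past the buffer */
                return;
            }
            /* Vulnerable path: off is bounded only by the guest's req_len, so it
             * walks past REQ_BUF_LEN. The MODEL_MEM check keeps this model itself
             * in bounds; the real process has no such guard. */
            if (m->off < MODEL_MEM)
                m->mem[m->off] = (uint8_t)(v >> (8 * i));
        }
        if (m->off == m->req_len)
            m->state = FW_DONE;
        return;
    case FW_DONE:
    case FW_ERROR:
        return;                     /* ignore writes until the next reset */
    }
}

/* Drives one guest request of declared_len bytes (all 'A') through the model.
 * Returns how many bytes landed past the request buffer; *final gets the end state. */
static size_t guest_request(int hardened, uint32_t declared_len, enum fw_state *final)
{
    struct fwctl_model m;
    fwctl_reset(&m, hardened);
    fwctl_port_write(&m, declared_len);
    for (uint32_t sent = 0; sent < declared_len && m.state == FW_DATA; sent += 4)
        fwctl_port_write(&m, 0x41414141u);   /* "AAAA" */

    size_t clobbered = 0;
    for (size_t i = REQ_BUF_LEN; i < MODEL_MEM; i++)
        if (m.mem[i] != 0)
            clobbered++;
    if (final)
        *final = m.state;
    return clobbered;
}

int main(void)
{
    enum fw_state st;
    size_t n = guest_request(0, 100, &st);
    printf("vulnerable: declared 100 bytes, %zu bytes written past the buffer\n", n);
    n = guest_request(1, 100, &st);
    printf("hardened:   declared 100 bytes, %zu bytes past the buffer, state %s\n",
           n, st == FW_ERROR ? "ERROR" : "other");
    return 0;
}
```

The point of the two checks in the hardened path is that the length check at the start of a request is the real fix, and the per-byte check is what keeps a future change to the state machine from reintroducing the overflow: once the guest controls both the length and the data, every transition that writes into the buffer has to be bounded by the buffer's size, not by the guest's number.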

Metrics

CVSS 3.1
8.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

The vector records a local attack (the attacker already runs code in a guest) requiring low privileges and no user interaction; the changed scope (S:C) reflects that the impact lands in the host-side bhyve process rather than in the guest the attacker started from.

EPSS Probability
0.22%

12.2nd percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor    Product   Versions
FreeBSD   FreeBSD   13.1
FreeBSD   FreeBSD   13.2

References

Timeline

Published
Last Modified
Status: Modified

Frequently Asked Questions

What is CVE-2023-3494?
CVE-2023-3494 is a buffer overflow in the fwctl driver of FreeBSD's bhyve hypervisor. The driver's state machine, driven by guest accesses to certain x86 I/O ports, copies a guest-supplied string into a buffer in the bhyve process' memory, and a bug in the state machine lets that copy overflow the buffer. Privileged software in a guest VM can use the overflow to execute code in the host's bhyve userspace process, which typically runs as root; the Capsicum sandbox applied to that process limits what such code can do. See the Description above for the full text.
How severe is CVE-2023-3494?
CVE-2023-3494 has a CVSS score of 8.8/10 (HIGH severity). The EPSS model estimates a 0.22% probability of exploitation in the next 30 days.
How do I fix CVE-2023-3494?
Upgrade affected FreeBSD 13.1 and 13.2 hosts to a release that includes the fix; FreeBSD issued a security advisory for this CVE, and the vendor references linked above give the patched versions. Until hosts are patched, treat any guest in which an untrusted party can run privileged (kernel-level) code as able to reach the bhyve process, and do not run bhyve outside its Capsicum sandbox, which is the only mitigation the description identifies. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-3494?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST