CVE-2020-24718

Published Sep 25, 2020
Last updated 3 years ago
CVSS high 8.2
Overview

Description: bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.
Source: cve@mitre.org
NVD status: Analyzed
Risk scores

CVSS 3.1

Type: Primary
Base score: 8.2
Impact score: 6
Exploitability score: 1.5
Vector string: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity: HIGH
CVSS 2.0

Type: Primary
Base score: 7.2
Impact score: 10
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:C/A:C
Weaknesses

nvd@nist.gov: CWE-862
Hype score: Not currently trending
Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B985F217-C03B-4FB4-9967-55793399E30F",
            "versionEndIncluding": "11.2"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F35957CE-AF9F-40CA-BDD1-FA6A0E73783F"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA929713-B797-494A-853D-C121D9D69519"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B87AF171-95AC-4DDA-8D94-694F85638B46"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1CC8B031-41BB-4846-B092-7E4BC6F35D6B"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83E34012-BC9D-4F0C-AAE1-FE5767B4EED6"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p13:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "57EF03AC-0934-46FD-A77C-76A0CAF4342C"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3C3D8EDC-91D3-45B2-AC1D-EF4346D4A714"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EA5006FF-06A5-4D95-BF5B-29F26248D11F"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A705031B-FD63-4076-B92E-E826E11D7111"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "11C1EFB1-68E5-45F4-A7E1-744574F290D1"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25F649A7-9265-4552-8934-BCE083363982"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F202C856-5B95-4796-AC4A-1F210E7BAB8F"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9419C866-C478-4CDE-A9A1-E592D8FF0933"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B6DFC23-A7A1-431A-9AD9-A820579F95F0"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.3:rc3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E03E6445-DD63-44E8-85D1-3971253F395A"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4A865EA1-01D7-4E5A-9D13-80780F8A9D7A"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.4:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B80FBD1B-D03E-4408-9150-2F86FAF7F1D7"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FCA6A72-2A72-45FD-A43D-B5BF7C329121"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "90F9B3CB-3B60-4AA8-9EAF-4F0BE7D27691"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C04EE177-C7D1-4049-B680-F961A27C677F"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.4:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2B0FB7BE-DB4E-47CE-8B51-C43DC5AADD17"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:11.4:rc2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D427061-B399-47BA-865D-9FAB315210CF"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C7B8FCA-2170-469A-B6D6-2C6AB254F20F"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p11:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E94067A1-5C68-4401-A7B6-29B4FE553733"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "87EE567B-7604-41CC-B0A7-B51255D4C240"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E1AD57A9-F53A-4E40-966E-F2F50852C5E4"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "46C5A6FD-7BBF-4E84-9895-8EE14DC846E4"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D71D083-3279-4DF4-91E1-38C373DD062F"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "882669AB-BCFC-4517-A3E9-33D344F1ED0D"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BC3D24FB-50A2-4E37-A479-AF21F8ECD706"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3070787D-76E1-4671-B99D-213F7103B3A2"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0140276F-9C31-4B5C-A5AC-DE0EBB885275"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BD730B6A-F123-4685-ACB3-4F20AAAB77F3"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "508150E3-2C0C-4EEB-BFC9-BB5CEB404C06"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B5D692EF-A5D7-430E-91BA-4CD137343B66"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D50C60A7-4C9F-4636-92E9-9F5B8B01BE5B"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6C49F6C7-A740-42F4-93BB-512CBF334516"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "402740C4-5B55-423F-BAD2-F742E1E21ADC"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9DCAA10A-C612-45E0-84B7-55897F49D65E"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CB6258A5-8066-48B8-A417-09A1547DD57A"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p8:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6601C7C4-EC36-4EAA-90AC-D3156A2BF330"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p9:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EDCBC06C-B16B-498A-A99B-5F9F17C5FF03"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:omniosce:omnios:*:*:*:*:community:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6F88A2E7-1972-4CBD-9197-9680DCF9806F",
            "versionEndIncluding": "r151034"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:openindiana:openindiana:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2F91E6EC-CDE1-4B4B-B556-1B91C0CA5BEA",
            "versionEndIncluding": "hipster_2020.04"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]
Overview

Risk scores

CVSS 3.1

CVSS 2.0

Weaknesses

Social media

Configurations

References
