Bug #62019

Fix bhyve CVE-2018-17160

Added by Alexander Motin 8 months ago. Updated 5 months ago.

Status: Done
Priority: No priority
Assignee: Alexander Motin
Category: OS
Target version:
Seen in:
Severity: Med High
Reason for Closing:
Reason for Blocked:
Needs QA: No
Needs Doc: No
Needs Merging: No
Needs Automation: No
Support Suite Ticket: n/a
Hardware Configuration:
ChangeLog Required: No

Description

This seems like a valid issue for people running untrusted VMs:
https://www.freebsd.org/security/advisories/FreeBSD-SA-18:14.bhyve.asc


Related issues

Copied to FreeNAS - Bug #62415: Fix bhyve CVE-2018-17160 (Done)

Associated revisions

Revision 1c19735a (diff)
Added by gordon 8 months ago

MFC r341484

Always treat firmware request and response sizes as unsigned.

This fixes an incomplete bounds check on the guest-supplied request
size where a very large request size could be interpreted as a negative
value and not be caught by the bounds check.

Submitted by: jhb
Reported by: Reno Robert
Approved by: so
Security: FreeBSD-SA-18:14.bhyve
Security: CVE-2018-17160
Ticket: #62019

(cherry picked from commit 5b0911ed9405a15d0fddd237377ecaf0684142a0)

Revision 8c02ef51 (diff)
Added by Alexander Motin 7 months ago

MFC r341484 (#159)

Always treat firmware request and response sizes as unsigned.

This fixes an incomplete bounds check on the guest-supplied request
size where a very large request size could be interpreted as a negative
value and not be caught by the bounds check.

Submitted by: jhb
Reported by: Reno Robert
Approved by: so
Security: FreeBSD-SA-18:14.bhyve
Security: CVE-2018-17160
Ticket: #62019

(cherry picked from commit 5b0911ed9405a15d0fddd237377ecaf0684142a0)
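
The signedness problem described in the two commit messages above, shown as an added illustration; this is not the bhyve source or the FreeBSD patch. `REQ_MAX`, the function names and the sample headers are hypothetical and constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REQ_MAX 256u /* hypothetical host buffer limit, not taken from bhyve */

/* Read the 32-bit little-endian size field a guest wrote into a request. */
static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Incomplete check: the size is held in a signed variable and only the
 * upper bound is tested. Any value >= 0x80000000 becomes negative and
 * passes. Returns 1 if the request size is accepted. */
int accept_signed(const uint8_t *hdr)
{
    uint32_t raw = read_le32(hdr);
    int32_t len;
    memcpy(&len, &raw, sizeof(len)); /* same bits, signed interpretation */
    return len <= (int32_t)REQ_MAX;
}

/* Complete check: the size stays unsigned from parse to comparison, so a
 * very large value is simply larger than the limit and is rejected. */
int accept_unsigned(const uint8_t *hdr)
{
    uint32_t len = read_le32(hdr);
    return len <= REQ_MAX;
}

/* Constructed sample size fields (little-endian). */
const uint8_t HDR_SMALL[4] = {0x10, 0x00, 0x00, 0x00}; /* 16 */
const uint8_t HDR_BIG[4]   = {0x00, 0x10, 0x00, 0x00}; /* 4096 */
const uint8_t HDR_HUGE[4]  = {0xf0, 0xff, 0xff, 0xff}; /* 0xfffffff0 */

int main(void)
{
    const uint8_t *cases[] = {HDR_SMALL, HDR_BIG, HDR_HUGE};
    for (int i = 0; i < 3; i++)
        printf("size=0x%08x signed_check=%d unsigned_check=%d\n",
               (unsigned)read_le32(cases[i]),
               accept_signed(cases[i]), accept_unsigned(cases[i]));
    return 0;
}
```

Only the last case separates the two checks: the signed comparison accepts it, the unsigned one rejects it.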

History

#1 Updated by Alexander Motin 8 months ago

11-stable fixed by regular merge from FreeBSD.
11.2-stable PR: https://github.com/freenas/os/pull/159

#2 Updated by Alexander Motin 7 months ago

  • Status changed from In Progress to Ready for Testing
  • Needs Merging changed from Yes to No

Merged.

QA: In testing I would include general bhyve VM operation with the UEFI loader.

#3 Updated by Dru Lavigne 7 months ago

  • Copied to Bug #62415: Fix bhyve CVE-2018-17160 added

#7 Updated by Bonnie Follweiler 5 months ago

  • Status changed from Ready for Testing to Passed Testing
  • Needs QA changed from Yes to No

Test Passed in FreeNAS-11.2-U2-INTERNAL85

#8 Updated by Dru Lavigne 5 months ago

  • Status changed from Passed Testing to Done
