HomeFreeBSD
Diffusion FreeBSD src repository af438acbfde3

ctl: fix Out-Of-Bounds access in ctl_report_supported_opcodes
af438acbfde3
Actions

Description

ctl: fix Out-Of-Bounds access in ctl_report_supported_opcodes

This vulnerability is directly accessible to a guest VM through the
pci_virtio_scsi bhyve device.

In the function ctl_report_supported_opcodes() accessible from the VM,
the option RSO_OPTIONS_OC_ASA does not check the requested
service_action value before accessing &ctl_cmd_table[].

Reported by: Synacktiv
Reviewed by: asomers
Security: FreeBSD-SA-24:11.ctl
Security: CVE-2024-42416
Security: HYP-06
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D46027

Details

Provenance
khorben_defora.orgAuthored on Sep 4 2024, 2:38 PM
emasteCommitted on Sep 4 2024, 2:38 PM
Reviewer
asomers
Differential Revision
Restricted Differential Revision
Parents
rGea44766b78d6: ctl: fix memory disclosure in read/write buffer commands
Branches
Unknown
Tags
Unknown

Changes (1)

PathSize
sys/
cam/
ctl/

rGaf438acbfde3

View Options

sys/cam/ctl/ctl.c

Loading...