All the vulnerabilites related to openindiana - openindiana
Vulnerability from fkie_nvd
Published
2022-12-26 06:15
Modified
2024-11-21 06:29
Severity ?
Summary
An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:illumos:illumos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2A4CF626-104D-4D80-BBB3-AAD92851309C",
"versionEndExcluding": "2022-01-18",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:omniosce:omnios:r151038:*:*:*:community:*:*:*",
"matchCriteriaId": "E79C33B6-754E-44EF-BB8A-CBF3D8F54BC9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:openindiana:openindiana:hipster_2021.04:*:*:*:*:*:*:*",
"matchCriteriaId": "39D1A8D6-2008-468C-A894-D3FD867F4D98",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:joyent:smartos:20210923:*:*:*:*:*:*:*",
"matchCriteriaId": "3E4E46FC-C324-46AC-B7A8-A7074EA7B6CB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:oracle:solaris:10:*:*:*:*:*:*:*",
"matchCriteriaId": "964B57CD-CB8A-4520-B358-1C93EC5EF2DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:oracle:solaris:11:*:*:*:*:*:*:*",
"matchCriteriaId": "8E8C192B-8044-4BF9-9F1F-57371FC0E8FD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected."
},
{
"lang": "es",
"value": "Se descubri\u00f3 un problema en illumos antes de f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04 y SmartOS 20210923. Un usuario local sin privilegios puede provocar un punto muerto y p\u00e1nico en el kernel mediante llamadas de cambio de nombre y rmdir manipuladas en sistemas de archivos tmpfs. Oracle Solaris 10 y 11 tambi\u00e9n se ve afectado."
}
],
"id": "CVE-2021-43395",
"lastModified": "2024-11-21T06:29:09.353",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-12-26T06:15:10.677",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://www.tribblix.org/relnotes.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/illumos/illumos-gate/commit/f859e7171bb5db34321e45585839c6c3200ebb90"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959/security-heads-up-illumos14424"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://jgardner100.wordpress.com/2022/01/20/security-heads-up/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://kebe.com/blog/?p=505"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://www.illumos.org/issues/14424"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Third Party Advisory"
],
"url": "http://www.tribblix.org/relnotes.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/illumos/illumos-gate/commit/f859e7171bb5db34321e45585839c6c3200ebb90"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959/security-heads-up-illumos14424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://jgardner100.wordpress.com/2022/01/20/security-heads-up/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://kebe.com/blog/?p=505"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://www.illumos.org/issues/14424"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-667"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2020-09-25 04:23
Modified
2024-11-21 05:15
Severity ?
Summary
bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B985F217-C03B-4FB4-9967-55793399E30F",
"versionEndIncluding": "11.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:*",
"matchCriteriaId": "F35957CE-AF9F-40CA-BDD1-FA6A0E73783F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "EA929713-B797-494A-853D-C121D9D69519",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p10:*:*:*:*:*:*",
"matchCriteriaId": "B87AF171-95AC-4DDA-8D94-694F85638B46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p11:*:*:*:*:*:*",
"matchCriteriaId": "1CC8B031-41BB-4846-B092-7E4BC6F35D6B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p12:*:*:*:*:*:*",
"matchCriteriaId": "83E34012-BC9D-4F0C-AAE1-FE5767B4EED6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p13:*:*:*:*:*:*",
"matchCriteriaId": "57EF03AC-0934-46FD-A77C-76A0CAF4342C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p2:*:*:*:*:*:*",
"matchCriteriaId": "3C3D8EDC-91D3-45B2-AC1D-EF4346D4A714",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p3:*:*:*:*:*:*",
"matchCriteriaId": "EA5006FF-06A5-4D95-BF5B-29F26248D11F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p4:*:*:*:*:*:*",
"matchCriteriaId": "A705031B-FD63-4076-B92E-E826E11D7111",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p5:*:*:*:*:*:*",
"matchCriteriaId": "11C1EFB1-68E5-45F4-A7E1-744574F290D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p6:*:*:*:*:*:*",
"matchCriteriaId": "25F649A7-9265-4552-8934-BCE083363982",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p7:*:*:*:*:*:*",
"matchCriteriaId": "F202C856-5B95-4796-AC4A-1F210E7BAB8F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p8:*:*:*:*:*:*",
"matchCriteriaId": "9419C866-C478-4CDE-A9A1-E592D8FF0933",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:p9:*:*:*:*:*:*",
"matchCriteriaId": "2B6DFC23-A7A1-431A-9AD9-A820579F95F0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.3:rc3:*:*:*:*:*:*",
"matchCriteriaId": "E03E6445-DD63-44E8-85D1-3971253F395A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:-:*:*:*:*:*:*",
"matchCriteriaId": "4A865EA1-01D7-4E5A-9D13-80780F8A9D7A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:beta1:*:*:*:*:*:*",
"matchCriteriaId": "B80FBD1B-D03E-4408-9150-2F86FAF7F1D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p1:*:*:*:*:*:*",
"matchCriteriaId": "9FCA6A72-2A72-45FD-A43D-B5BF7C329121",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p2:*:*:*:*:*:*",
"matchCriteriaId": "90F9B3CB-3B60-4AA8-9EAF-4F0BE7D27691",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:p3:*:*:*:*:*:*",
"matchCriteriaId": "C04EE177-C7D1-4049-B680-F961A27C677F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:rc1:*:*:*:*:*:*",
"matchCriteriaId": "2B0FB7BE-DB4E-47CE-8B51-C43DC5AADD17",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:11.4:rc2:*:*:*:*:*:*",
"matchCriteriaId": "0D427061-B399-47BA-865D-9FAB315210CF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:*",
"matchCriteriaId": "826B53C2-517F-4FC6-92E8-E7FCB24F91B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p1:*:*:*:*:*:*",
"matchCriteriaId": "93F10A46-AEF2-4FDD-92D6-0CF07B70F986",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p10:*:*:*:*:*:*",
"matchCriteriaId": "8C7B8FCA-2170-469A-B6D6-2C6AB254F20F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p11:*:*:*:*:*:*",
"matchCriteriaId": "E94067A1-5C68-4401-A7B6-29B4FE553733",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p12:*:*:*:*:*:*",
"matchCriteriaId": "87EE567B-7604-41CC-B0A7-B51255D4C240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p2:*:*:*:*:*:*",
"matchCriteriaId": "E1AD57A9-F53A-4E40-966E-F2F50852C5E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p3:*:*:*:*:*:*",
"matchCriteriaId": "C4029113-130F-4A33-A8A0-BC3E74000378",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p4:*:*:*:*:*:*",
"matchCriteriaId": "46C5A6FD-7BBF-4E84-9895-8EE14DC846E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p5:*:*:*:*:*:*",
"matchCriteriaId": "6D71D083-3279-4DF4-91E1-38C373DD062F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p6:*:*:*:*:*:*",
"matchCriteriaId": "882669AB-BCFC-4517-A3E9-33D344F1ED0D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p7:*:*:*:*:*:*",
"matchCriteriaId": "BC3D24FB-50A2-4E37-A479-AF21F8ECD706",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p8:*:*:*:*:*:*",
"matchCriteriaId": "3070787D-76E1-4671-B99D-213F7103B3A2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.0:p9:*:*:*:*:*:*",
"matchCriteriaId": "0140276F-9C31-4B5C-A5AC-DE0EBB885275",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:-:*:*:*:*:*:*",
"matchCriteriaId": "BD730B6A-F123-4685-ACB3-4F20AAAB77F3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p1:*:*:*:*:*:*",
"matchCriteriaId": "508150E3-2C0C-4EEB-BFC9-BB5CEB404C06",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p2:*:*:*:*:*:*",
"matchCriteriaId": "B5D692EF-A5D7-430E-91BA-4CD137343B66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p3:*:*:*:*:*:*",
"matchCriteriaId": "D50C60A7-4C9F-4636-92E9-9F5B8B01BE5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p4:*:*:*:*:*:*",
"matchCriteriaId": "6C49F6C7-A740-42F4-93BB-512CBF334516",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p5:*:*:*:*:*:*",
"matchCriteriaId": "402740C4-5B55-423F-BAD2-F742E1E21ADC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p6:*:*:*:*:*:*",
"matchCriteriaId": "9DCAA10A-C612-45E0-84B7-55897F49D65E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p7:*:*:*:*:*:*",
"matchCriteriaId": "CB6258A5-8066-48B8-A417-09A1547DD57A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p8:*:*:*:*:*:*",
"matchCriteriaId": "6601C7C4-EC36-4EAA-90AC-D3156A2BF330",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:freebsd:freebsd:12.1:p9:*:*:*:*:*:*",
"matchCriteriaId": "EDCBC06C-B16B-498A-A99B-5F9F17C5FF03",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:omniosce:omnios:*:*:*:*:community:*:*:*",
"matchCriteriaId": "6F88A2E7-1972-4CBD-9197-9680DCF9806F",
"versionEndIncluding": "r151034",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:openindiana:openindiana:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2F91E6EC-CDE1-4B4B-B556-1B91C0CA5BEA",
"versionEndIncluding": "hipster_2020.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP."
},
{
"lang": "es",
"value": "bhyve, como es usado en FreeBSD versiones hasta 12.1 e illumos (por ejemplo, OmniOS CE versiones hasta r151034 y OpenIndiana versiones hasta Hipster 2020.04), no restringe apropiadamente las operaciones de lectura y de escritura de VMCS y VMCB, como es demostrado por un usuario root en un contenedor en un sistema Intel, qui\u00e9n puede alcanzar privilegios al modificar VMCS_HOST_RIP"
}
],
"id": "CVE-2020-24718",
"lastModified": "2024-11-21T05:15:57.703",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.5,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-09-25T04:23:04.683",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201016-0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.netapp.com/advisory/ntap-20201016-0002/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-862"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2020-24718
Vulnerability from cvelistv5
Published
2020-09-25 03:49
Modified
2024-08-04 15:19
Severity ?
EPSS score ?
Summary
bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249 | x_refsource_MISC | |
| https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc | x_refsource_CONFIRM | |
| https://security.netapp.com/advisory/ntap-20201016-0002/ | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T15:19:09.334Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security.netapp.com/advisory/ntap-20201016-0002/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-10-16T10:06:12",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security.netapp.com/advisory/ntap-20201016-0002/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-24718",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "bhyve, as used in FreeBSD through 12.1 and illumos (e.g., OmniOS CE through r151034 and OpenIndiana through Hipster 2020.04), does not properly restrict VMCS and VMCB read/write operations, as demonstrated by a root user in a container on an Intel system, who can gain privileges by modifying VMCS_HOST_RIP."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249",
"refsource": "MISC",
"url": "https://github.com/illumos/illumos-gate/blob/84971882a96ac0fecd538b02208054a872ff8af3/usr/src/uts/i86pc/io/vmm/intel/vmcs.c#L246-L249"
},
{
"name": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc",
"refsource": "CONFIRM",
"url": "https://security.FreeBSD.org/advisories/FreeBSD-SA-20:28.bhyve_vmcs.asc"
},
{
"name": "https://security.netapp.com/advisory/ntap-20201016-0002/",
"refsource": "CONFIRM",
"url": "https://security.netapp.com/advisory/ntap-20201016-0002/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-24718",
"datePublished": "2020-09-25T03:49:02",
"dateReserved": "2020-08-27T00:00:00",
"dateUpdated": "2024-08-04T15:19:09.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2021-43395
Vulnerability from cvelistv5
Published
2022-12-26 00:00
Modified
2024-08-04 03:55
Severity ?
EPSS score ?
Summary
An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:55:28.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"tags": [
"x_transferred"
],
"url": "http://www.tribblix.org/relnotes.html"
},
{
"tags": [
"x_transferred"
],
"url": "https://jgardner100.wordpress.com/2022/01/20/security-heads-up/"
},
{
"tags": [
"x_transferred"
],
"url": "https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959/security-heads-up-illumos14424"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.illumos.org/issues/14424"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/illumos/illumos-gate/commit/f859e7171bb5db34321e45585839c6c3200ebb90"
},
{
"tags": [
"x_transferred"
],
"url": "https://kebe.com/blog/?p=505"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in illumos before f859e7171bb5db34321e45585839c6c3200ebb90, OmniOS Community Edition r151038, OpenIndiana Hipster 2021.04, and SmartOS 20210923. A local unprivileged user can cause a deadlock and kernel panic via crafted rename and rmdir calls on tmpfs filesystems. Oracle Solaris 10 and 11 is also affected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-12-26T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://github.com/illumos/illumos-gate/blob/069654420de4aade43c63c43cd2896e66945fc8a/usr/src/uts/common/fs/tmpfs/tmp_vnops.c"
},
{
"url": "https://github.com/illumos/illumos-gate/blob/b3403853e80914bd0aade9b5b605da4878078173/usr/src/uts/common/fs/tmpfs/tmp_dir.c"
},
{
"url": "https://www.oracle.com/security-alerts/cpujan2022.html"
},
{
"url": "http://www.tribblix.org/relnotes.html"
},
{
"url": "https://jgardner100.wordpress.com/2022/01/20/security-heads-up/"
},
{
"url": "https://illumos.topicbox.com/groups/developer/T1c9e4f27f8c2f959/security-heads-up-illumos14424"
},
{
"url": "https://www.illumos.org/issues/14424"
},
{
"url": "https://github.com/illumos/illumos-gate/commit/f859e7171bb5db34321e45585839c6c3200ebb90"
},
{
"url": "https://kebe.com/blog/?p=505"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-43395",
"datePublished": "2022-12-26T00:00:00",
"dateReserved": "2021-11-04T00:00:00",
"dateUpdated": "2024-08-04T03:55:28.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}