CVE-2024-45063 (GCVE-0-2024-45063)

Vulnerability from cvelistv5 – Published: 2024-09-05 04:31 – Updated: 2025-11-04 16:15
VLAI?
Summary
The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.
Severity ?
9.8 (Critical)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE
Assigner
References
Impacted products
Vendor Product Version
FreeBSD FreeBSD Affected: 14.1-RELEASE , < p4 (release)
Affected: 14.0-RELEASE , < p10 (release)
Affected: 13.3-RELEASE , < p6 (release)
Create a notification for this product.
Credits
Synacktiv The FreeBSD Foundation The Alpha-Omega Project
Show details on NVD website
To clipboard 

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "freebsd",
            "vendor": "freebsd",
            "versions": [
              {
                "lessThan": "14.1_p4",
                "status": "affected",
                "version": "14.1",
                "versionType": "custom"
              },
              {
                "lessThan": "14.0_p10",
                "status": "affected",
                "version": "14.0",
                "versionType": "custom"
              },
              {
                "lessThan": "13.3_p6",
                "status": "affected",
                "version": "13.3",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2024-45063",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-05T13:10:26.772292Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-06T16:18:12.181Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T16:15:46.470Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "https://security.netapp.com/advisory/ntap-20240920-0010/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unknown",
          "modules": [
            "ctl"
          ],
          "product": "FreeBSD",
          "vendor": "FreeBSD",
          "versions": [
            {
              "lessThan": "p4",
              "status": "affected",
              "version": "14.1-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p10",
              "status": "affected",
              "version": "14.0-RELEASE",
              "versionType": "release"
            },
            {
              "lessThan": "p6",
              "status": "affected",
              "version": "13.3-RELEASE",
              "versionType": "release"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Synacktiv"
        },
        {
          "lang": "en",
          "type": "sponsor",
          "value": "The FreeBSD Foundation"
        },
        {
          "lang": "en",
          "type": "sponsor",
          "value": "The Alpha-Omega Project"
        }
      ],
      "datePublic": "2024-09-04T23:37:17.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing.\n\nMalicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.  Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.  A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-416",
              "description": "CWE-416 Use After Free",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-05T04:31:22.649Z",
        "orgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
        "shortName": "freebsd"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc"
        }
      ],
      "title": "Multiple issues in ctl(4) CAM Target Layer"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "63664ac6-956c-4cba-a5d0-f46076e16109",
    "assignerShortName": "freebsd",
    "cveId": "CVE-2024-45063",
    "datePublished": "2024-09-05T04:31:22.649Z",
    "dateReserved": "2024-08-27T16:30:56.002Z",
    "dateUpdated": "2025-11-04T16:15:46.470Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"13.0\", \"versionEndExcluding\": \"13.3\", \"matchCriteriaId\": \"E82CE719-C11D-4C34-BDF9-5AA704884289\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:13.3:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"17DAE911-21E1-4182-85A0-B9F0059DDA7F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"ABEA48EC-24EA-4106-9465-CE66B938635F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"8DFB5BD0-E777-4CAA-B2E0-3F3357D06D01\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC8C769C-A23E-4F61-AC42-4DA64421B096\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"45B0589E-2E7D-4516-A8A0-88F30038EAB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:13.3:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"C5CD8EF6-B119-488F-A278-8E9740E3E482\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:13.4:beta3:*:*:*:*:*:*\", \"matchCriteriaId\": \"2F52349C-6051-4CB9-8659-763A22C31640\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA25530A-133C-4D7C-8993-D5C42D79A0B5\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"69A72B5A-2189-4700-8E8B-1E5E7CA86C40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"5771F187-281B-4680-B562-EFC7441A8F88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"0A4437F5-9DDA-4769-974E-23BFA085E0DB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*\", \"matchCriteriaId\": \"A9C3A3D4-C9F4-41EB-B532-821AF83470B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*\", \"matchCriteriaId\": \"878A1F0A-087F-47D7-9CA5-A54BB8D6676A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*\", \"matchCriteriaId\": \"CE73CDC3-B5A7-4921-89C6-8F9DC426CB3E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*\", \"matchCriteriaId\": \"50A5E650-31FB-45BE-8827-641B58A83E45\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:*\", \"matchCriteriaId\": \"D59CFDD3-AEC3-43F1-A620-0B1F0BAD9048\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.0:p9:*:*:*:*:*:*\", \"matchCriteriaId\": \"44B8A489-6314-460D-90DA-AFB54298C8E6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*\", \"matchCriteriaId\": \"038E5B85-7F60-4D71-8D3F-EDBF6E036CE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"BF309824-D379-4749-A1FA-BCB2987DD671\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.1:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"79D770C6-7A57-4A49-8164-C55391F62301\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*\", \"matchCriteriaId\": \"AA813990-8C8F-4EE8-9F2B-9F73C510A7B2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:*\", \"matchCriteriaId\": \"D4DFA201-27D5-4C01-B90F-E24778943C3B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:freebsd:freebsd:14.1:p3:*:*:*:*:*:*\", \"matchCriteriaId\": \"01DD321B-E5E2-49F7-86A1-D40B13E257C7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing.\\n\\nMalicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.  Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.  A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.\"}, {\"lang\": \"es\", \"value\": \"La funci\\u00f3n ctl_write_buffer estableci\\u00f3 incorrectamente un indicador que result\\u00f3 en un uso posterior a la liberaci\\u00f3n del n\\u00facleo cuando finaliz\\u00f3 el procesamiento de un comando. El software malintencionado que se ejecuta en una m\\u00e1quina virtual invitada que expone virtio_scsi puede explotar las vulnerabilidades para lograr la ejecuci\\u00f3n de c\\u00f3digo en el host en el proceso de espacio de usuario bhyve, que normalmente se ejecuta como ra\\u00edz. Tenga en cuenta que bhyve se ejecuta en un entorno aislado de Capsicum, por lo que el c\\u00f3digo malintencionado est\\u00e1 limitado por las capacidades disponibles para el proceso bhyve. Un iniciador iSCSI malintencionado podr\\u00eda lograr la ejecuci\\u00f3n remota de c\\u00f3digo en el host de destino iSCSI.\"}]",
      "id": "CVE-2024-45063",
      "lastModified": "2024-09-06T17:35:18.370",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 6.0}, {\"source\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}]}",
      "published": "2024-09-05T05:15:13.830",
      "references": "[{\"url\": \"https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc\", \"source\": \"secteam@freebsd.org\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "secteam@freebsd.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secteam@freebsd.org\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-45063\",\"sourceIdentifier\":\"secteam@freebsd.org\",\"published\":\"2024-09-05T05:15:13.830\",\"lastModified\":\"2025-11-04T17:16:14.880\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing.\\n\\nMalicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.  Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.  A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.\"},{\"lang\":\"es\",\"value\":\"La funci\u00f3n ctl_write_buffer estableci\u00f3 incorrectamente un indicador que result\u00f3 en un uso posterior a la liberaci\u00f3n del n\u00facleo cuando finaliz\u00f3 el procesamiento de un comando. El software malintencionado que se ejecuta en una m\u00e1quina virtual invitada que expone virtio_scsi puede explotar las vulnerabilidades para lograr la ejecuci\u00f3n de c\u00f3digo en el host en el proceso de espacio de usuario bhyve, que normalmente se ejecuta como ra\u00edz. Tenga en cuenta que bhyve se ejecuta en un entorno aislado de Capsicum, por lo que el c\u00f3digo malintencionado est\u00e1 limitado por las capacidades disponibles para el proceso bhyve. Un iniciador iSCSI malintencionado podr\u00eda lograr la ejecuci\u00f3n remota de c\u00f3digo en el host de destino iSCSI.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"secteam@freebsd.org\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"13.3\",\"matchCriteriaId\":\"E82CE719-C11D-4C34-BDF9-5AA704884289\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.3:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"17DAE911-21E1-4182-85A0-B9F0059DDA7F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.3:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"ABEA48EC-24EA-4106-9465-CE66B938635F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.3:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"8DFB5BD0-E777-4CAA-B2E0-3F3357D06D01\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.3:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC8C769C-A23E-4F61-AC42-4DA64421B096\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.3:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"45B0589E-2E7D-4516-A8A0-88F30038EAB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.3:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5CD8EF6-B119-488F-A278-8E9740E3E482\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:13.4:beta3:*:*:*:*:*:*\",\"matchCriteriaId\":\"2F52349C-6051-4CB9-8659-763A22C31640\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA25530A-133C-4D7C-8993-D5C42D79A0B5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.0:beta5:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB7B021E-F4AD-44AC-96AB-8ACAF8AB1B88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.0:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"69A72B5A-2189-4700-8E8B-1E5E7CA86C40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.0:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"5771F187-281B-4680-B562-EFC7441A8F88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.0:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"0A4437F5-9DDA-4769-974E-23BFA085E0DB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.0:p4:*:*:*:*:*:*\",\"matchCriteriaId\":\"A9C3A3D4-C9F4-41EB-B532-821AF83470B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.0:p5:*:*:*:*:*:*\",\"matchCriteriaId\":\"878A1F0A-087F-47D7-9CA5-A54BB8D6676A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.0:p6:*:*:*:*:*:*\",\"matchCriteriaId\":\"CE73CDC3-B5A7-4921-89C6-8F9DC426CB3E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.0:p7:*:*:*:*:*:*\",\"matchCriteriaId\":\"50A5E650-31FB-45BE-8827-641B58A83E45\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.0:p8:*:*:*:*:*:*\",\"matchCriteriaId\":\"D59CFDD3-AEC3-43F1-A620-0B1F0BAD9048\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.0:p9:*:*:*:*:*:*\",\"matchCriteriaId\":\"44B8A489-6314-460D-90DA-AFB54298C8E6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.0:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"038E5B85-7F60-4D71-8D3F-EDBF6E036CE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.0:rc4-p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"BF309824-D379-4749-A1FA-BCB2987DD671\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.1:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"79D770C6-7A57-4A49-8164-C55391F62301\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.1:p1:*:*:*:*:*:*\",\"matchCriteriaId\":\"AA813990-8C8F-4EE8-9F2B-9F73C510A7B2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.1:p2:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4DFA201-27D5-4C01-B90F-E24778943C3B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:freebsd:freebsd:14.1:p3:*:*:*:*:*:*\",\"matchCriteriaId\":\"01DD321B-E5E2-49F7-86A1-D40B13E257C7\"}]}]}],\"references\":[{\"url\":\"https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc\",\"source\":\"secteam@freebsd.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://security.netapp.com/advisory/ntap-20240920-0010/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 9.8, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-45063\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-09-05T13:10:26.772292Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:o:freebsd:freebsd:*:*:*:*:*:*:*:*\"], \"vendor\": \"freebsd\", \"product\": \"freebsd\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.1\", \"lessThan\": \"14.1_p4\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"14.0\", \"lessThan\": \"14.0_p10\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"13.3\", \"lessThan\": \"13.3_p6\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-09-05T13:05:30.474Z\"}}], \"cna\": {\"title\": \"Multiple issues in ctl(4) CAM Target Layer\", \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"value\": \"Synacktiv\"}, {\"lang\": \"en\", \"type\": \"sponsor\", \"value\": \"The FreeBSD Foundation\"}, {\"lang\": \"en\", \"type\": \"sponsor\", \"value\": \"The Alpha-Omega Project\"}], \"affected\": [{\"vendor\": \"FreeBSD\", \"modules\": [\"ctl\"], \"product\": \"FreeBSD\", \"versions\": [{\"status\": \"affected\", \"version\": \"14.1-RELEASE\", \"lessThan\": \"p4\", \"versionType\": \"release\"}, {\"status\": \"affected\", \"version\": \"14.0-RELEASE\", \"lessThan\": \"p10\", \"versionType\": \"release\"}, {\"status\": \"affected\", \"version\": \"13.3-RELEASE\", \"lessThan\": \"p6\", \"versionType\": \"release\"}], \"defaultStatus\": \"unknown\"}], \"datePublic\": \"2024-09-04T23:37:17.000Z\", \"references\": [{\"url\": \"https://security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc\", \"tags\": [\"vendor-advisory\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing.\\n\\nMalicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root.  Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process.  A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"63664ac6-956c-4cba-a5d0-f46076e16109\", \"shortName\": \"freebsd\", \"dateUpdated\": \"2024-09-05T04:31:22.649Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-45063\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-09-06T16:18:12.181Z\", \"dateReserved\": \"2024-08-27T16:30:56.002Z\", \"assignerOrgId\": \"63664ac6-956c-4cba-a5d0-f46076e16109\", \"datePublished\": \"2024-09-05T04:31:22.649Z\", \"assignerShortName\": \"freebsd\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.