FreeBSD: VID-a6d5d4c1-0564-11ec-b69d-4062311215d5 (CVE-2021-29631): FreeBSD -- Missing error handling in bhyve(8) device models
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:L/Au:N/C:C/I:C/A:C) | Aug 25, 2021 | Nov 4, 2022 | Dec 10, 2025 |
Description
Problem Description: Certain VirtIO-based device models failed to handle errors when fetching I/O descriptors. Such errors could be triggered by a malicious guest. As a result, the device model code could be tricked into operating on uninitialized I/O vectors, leading to memory corruption.

Impact: A malicious guest may be able to crash the bhyve process. It may be possible to exploit the memory corruption bugs to achieve arbitrary code execution in the bhyve process.
Solutions
- freebsd-upgrade-base-13_0-release-p4
- freebsd-upgrade-base-12_2-release-p10
- freebsd-upgrade-base-11_4-release-p13
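
A host-side patch-level check for the three solutions above, as an added example that is not part of the original advisory. It assumes each solution identifier names the first fixed patch level of its branch (13.0-RELEASE-p4, 12.2-RELEASE-p10, 11.4-RELEASE-p13); the function names are hypothetical. Since bhyve(8) runs in userland, the check reads `freebsd-version -u`.

```shell
#!/bin/sh
# Added example: compare a FreeBSD userland version string against the
# fixed patch levels inferred from the solution identifiers on this page
# (assumption: "13_0-release-p4" means 13.0-RELEASE-p4, and so on).

# min_fixed_patch BRANCH -> prints the first fixed patch level for BRANCH.
# Returns non-zero for branches this page does not list.
min_fixed_patch() {
    case "$1" in
        13.0) echo 4 ;;
        12.2) echo 10 ;;
        11.4) echo 13 ;;
        *)    return 1 ;;
    esac
}

# check_patchlevel VERSION -> prints "fixed", "vulnerable" or "unknown".
# "unknown" covers anything the page gives no fixed level for
# (other branches, -STABLE, -CURRENT, malformed strings).
check_patchlevel() {
    ver=$1
    case "$ver" in
        *-RELEASE*) ;;
        *) echo unknown; return 0 ;;
    esac
    branch=${ver%%-RELEASE*}      # e.g. "13.0"
    rest=${ver#*-RELEASE}         # e.g. "-p4", or "" for an unpatched release
    case "$rest" in
        "")  patch=0 ;;
        -p*) patch=${rest#-p} ;;
        *)   echo unknown; return 0 ;;
    esac
    case "$patch" in
        ''|*[!0-9]*) echo unknown; return 0 ;;   # reject non-numeric levels
    esac
    fixed=$(min_fixed_patch "$branch") || { echo unknown; return 0; }
    if [ "$patch" -ge "$fixed" ]; then echo fixed; else echo vulnerable; fi
}

# On a FreeBSD host, report the status of the installed userland.
if command -v freebsd-version >/dev/null 2>&1; then
    v=$(freebsd-version -u)
    echo "$v: $(check_patchlevel "$v")"
fi
```

An "unknown" result means the page lists no fixed level for that branch, not that the host is safe or unsafe.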