CVE-2021-29631
FreeBSD Security Advisory - FreeBSD-SA-21:13.bhyve
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In FreeBSD 13.0-STABLE before n246941-20f96f215562, 12.2-STABLE before r370400, 11.4-STABLE before r370399, 13.0-RELEASE before p4, 12.2-RELEASE before p10, and 11.4-RELEASE before p13, certain VirtIO-based device models in bhyve failed to handle errors when fetching I/O descriptors. A malicious guest may cause the device model to operate on uninitialized I/O vectors leading to memory corruption, crashing of the bhyve process, and possibly arbitrary code execution in the bhyve process.
En FreeBSD versiones 13.0-STABLE anteriores a n246941-20f96f215562, 12.2-STABLE anteriores a r370400, 11.4-STABLE anteriores a r370399, 13.0-RELEASE anteriores a p4, 12.2-RELEASE anteriores a p10, y 11.4-RELEASE anteriores a p13, determinados modelos de dispositivos basados en VirtIO en bhyve presentaban un fallo al manejar los errores cuando se obtenían descriptores de E/S. Un huésped malicioso puede causar al modelo de dispositivo operar en vectores de E/S no inicializados, conllevando a una corrupción de la memoria, un bloqueo del proceso bhyve y, posiblemente, una ejecución de código arbitrario en el proceso bhyve.
Certain VirtIO-based device models failed to handle errors when fetching I/O descriptors. Such errors could be triggered by a malicious guest. As a result, the device model code could be tricked into operating on uninitialized I/O vectors, leading to memory corruption. A malicious guest may be able to crash the bhyve process. It may be possible to exploit the memory corruption bugs to achieve arbitrary code execution in the bhyve process.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-03-30 CVE Reserved
- 2021-08-24 CVE Published
- 2024-08-03 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-908: Use of Uninitialized Resource
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://security.netapp.com/advisory/ntap-20210923-0004 | Third Party Advisory |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://security.FreeBSD.org/advisories/FreeBSD-SA-21:13.bhyve.asc | 2021-12-14 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.4 Search vendor "Freebsd" for product "Freebsd" and version "11.4" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.4 Search vendor "Freebsd" for product "Freebsd" and version "11.4" | p1 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.4 Search vendor "Freebsd" for product "Freebsd" and version "11.4" | p10 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.4 Search vendor "Freebsd" for product "Freebsd" and version "11.4" | p11 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.4 Search vendor "Freebsd" for product "Freebsd" and version "11.4" | p12 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.4 Search vendor "Freebsd" for product "Freebsd" and version "11.4" | p13 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.4 Search vendor "Freebsd" for product "Freebsd" and version "11.4" | p2 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.4 Search vendor "Freebsd" for product "Freebsd" and version "11.4" | p3 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.4 Search vendor "Freebsd" for product "Freebsd" and version "11.4" | p4 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.4 Search vendor "Freebsd" for product "Freebsd" and version "11.4" | p5 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.4 Search vendor "Freebsd" for product "Freebsd" and version "11.4" | p6 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.4 Search vendor "Freebsd" for product "Freebsd" and version "11.4" | p7 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.4 Search vendor "Freebsd" for product "Freebsd" and version "11.4" | p8 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 11.4 Search vendor "Freebsd" for product "Freebsd" and version "11.4" | p9 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.2 Search vendor "Freebsd" for product "Freebsd" and version "12.2" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.2 Search vendor "Freebsd" for product "Freebsd" and version "12.2" | p1 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.2 Search vendor "Freebsd" for product "Freebsd" and version "12.2" | p10 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.2 Search vendor "Freebsd" for product "Freebsd" and version "12.2" | p2 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.2 Search vendor "Freebsd" for product "Freebsd" and version "12.2" | p3 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.2 Search vendor "Freebsd" for product "Freebsd" and version "12.2" | p4 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.2 Search vendor "Freebsd" for product "Freebsd" and version "12.2" | p5 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.2 Search vendor "Freebsd" for product "Freebsd" and version "12.2" | p6 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.2 Search vendor "Freebsd" for product "Freebsd" and version "12.2" | p7 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.2 Search vendor "Freebsd" for product "Freebsd" and version "12.2" | p8 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 12.2 Search vendor "Freebsd" for product "Freebsd" and version "12.2" | p9 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.0 Search vendor "Freebsd" for product "Freebsd" and version "13.0" | - |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.0 Search vendor "Freebsd" for product "Freebsd" and version "13.0" | p1 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.0 Search vendor "Freebsd" for product "Freebsd" and version "13.0" | p2 |
Affected
| ||||||
| Freebsd Search vendor "Freebsd" | Freebsd Search vendor "Freebsd" for product "Freebsd" | 13.0 Search vendor "Freebsd" for product "Freebsd" and version "13.0" | p3 |
Affected
| ||||||