FreeBSD-EN-20:28.bhyve_vmcs : bhyve privilege escalation
Versions Affected : All verisons prior to FreeNAS 11.3-U5
Description
Insufficient access controls (VMCS) allow root users, including those running in a jail, to change these data structures.
An attacker with host root access (including to a jailed bhyve instance) can use this vulnerability to achieve kernel code execution.
Workaround
No workaround is available. This issue is likely of concern only to systems relying on running bhyve in jail(8) for security domain separation.
Mitigation
- Upgrade to FreeNAS 11.3-U5 or later.
Commit
- FreeBSD Revision : r365779
- FreeNAS Commit : d7a0d0c
- FreeNAS Commit : 1d3c95f
- JIRA Ticket : NAS-107090