CVE-2024-45063
Published: 05 September 2024
Summary
CVE-2024-45063 is a high-severity Use After Free (CWE-416) vulnerability in FreeBSD. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 8.4% of CVEs by exploit likelihood (EPSS); it is not currently listed in the CISA KEV catalog.
Deeper analysis
The vulnerability CVE-2024-45063 is a use-after-free flaw in the ctl_write_buffer function, triggered when an incorrectly set flag causes improper handling after a command finishes processing. It affects the CAM Target Layer (CTL) subsystem in FreeBSD, including components used by bhyve virtualization and iSCSI targets.
Malicious software running inside a guest VM that exposes virtio_scsi can exploit the issue to obtain code execution on the host inside the bhyve userspace process, which normally runs as root. A malicious iSCSI initiator can similarly achieve remote code execution against an iSCSI target host. The CVSS 8.8 score reflects a local attack vector with high impact on confidentiality, integrity, and availability; bhyve's Capsicum sandbox limits the capabilities an attacker gains from the compromised process.
FreeBSD advisory SA-24:11.ctl and the related NetApp advisory describe the flaw and direct administrators to apply the corresponding kernel patches, which correct the flag handling in ctl_write_buffer. The EPSS score has remained low, with only minimal movement between its current value of 0.0689 and its recorded peak of 0.0726.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-41291
Vulnerability details
The function ctl_write_buffer incorrectly set a flag which resulted in a kernel Use-After-Free when a command finished processing. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.
- CWE(s): CWE-416 (Use After Free)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
Likely Mitigating Controls (AI-derived)
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Exploitation of use-after-free bugs to achieve arbitrary code execution is blocked or made significantly harder by non-executable pages and ASLR. These generic mitigations complement, rather than replace, the kernel patch referenced in SA-24:11.ctl.