Advisory

Critical vulnerability reported in FreeBSD bhyve hypervisor

Take action: If you are running the FreeBSD bhyve hypervisor, plan to update it soon. If you are running bhyve with XHCI emulation, patch urgently. Everyone else should plan to patch, but there is no need for immediate panic.


Learn More

A critical vulnerability has been identified in FreeBSD's bhyve hypervisor that allows malicious software running within a guest virtual machine (VM) to potentially execute arbitrary code on the host system.

The flaw, tracked as CVE-2024-41721 (CVSS score 9.8), affects all supported versions of FreeBSD and stems from insufficient boundary validation in the USB XHCI emulation code, leading to an out-of-bounds read on the heap. An attacker who exploits it could crash the hypervisor or execute code in the host's bhyve userspace process, which typically runs with root privileges.

While bhyve operates within a Capsicum sandbox that limits the capabilities of malicious code, the vulnerability still represents a serious risk for systems using the XHCI emulation feature.

All supported versions of FreeBSD running bhyve with XHCI emulation are affected. Users not using XHCI emulation are not affected; all other users should prioritize this update to prevent potential exploitation.

FreeBSD has already patched this vulnerability, and all users are strongly advised to update their systems.

  • stable/14: 419da61f8203
  • releng/14.1: 3c6c0dcb5acb
  • releng/14.0: ba46f1174972
  • stable/13: 2abd2ad64899
  • releng/13.4: 5f035df278cc
  • releng/13.3: e7a790dc3ffe

FreeBSD users should update their systems using either the binary patch method (via freebsd-update) or by applying the source code patch and recompiling the system, then restart the affected bhyve processes or reboot the system so that the patched bhyve binary is actually in use.
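Because exposure depends on whether a guest has XHCI emulation configured, and because bhyve is a userland program (so the userland patch level, not the kernel's, is what matters), a host administrator will want a quick triage script. The following is an added example and not part of the advisory or of the FreeBSD project; it assumes the standard bhyve device syntax `-s slot,xhci,...` and the `freebsd-version -u` command, and it takes the fixed patch level for your branch as an argument because that number must be read from the FreeBSD security advisory rather than guessed here.

```shell
#!/bin/sh
# Added example (not from the advisory or the FreeBSD project): triage a bhyve
# host for CVE-2024-41721 exposure. Pure string checks are kept in their own
# functions so they can be tested offline on constructed command lines.

# Returns 0 when a bhyve command line configures an XHCI device
# (for example "-s 30,xhci,tablet"), 1 otherwise.
vm_uses_xhci() {
    printf '%s\n' "$1" |
        grep -Eq '(^|[[:space:]])-s[[:space:]]+[0-9:]+,xhci(,|[[:space:]]|$)'
}

# Extracts the -pN patch level from a FreeBSD version string such as
# "14.1-RELEASE-p5" (prints 5); prints 0 when no patch level is present.
patch_level() {
    case "$1" in
        *-p[0-9]*) printf '%s\n' "${1##*-p}" ;;
        *) echo 0 ;;
    esac
}

# Prints "<pid> <vm name>" for every running bhyve guest whose command line
# has XHCI emulation enabled (bhyve's last argument is the VM name).
# Prints nothing on a host with no such guests, or on a non-bhyve host.
list_exposed_guests() {
    ps -axo pid=,args= 2>/dev/null | while IFS= read -r line; do
        case "$line" in
            *bhyve*) ;;
            *) continue ;;
        esac
        if vm_uses_xhci "$line"; then
            pid=$(printf '%s' "$line" | awk '{print $1}')
            printf '%s %s\n' "$pid" "${line##* }"
        fi
    done
    return 0
}

# Compares the installed userland patch level against the fixed level given
# as the first argument (placeholder: take it from the FreeBSD SA for your
# branch), then lists guests that must be restarted after patching.
triage() {
    fixed_level="${1:?usage: triage <fixed patch level from the SA>}"
    if command -v freebsd-version >/dev/null 2>&1; then
        ul=$(freebsd-version -u)
        if [ "$(patch_level "$ul")" -ge "$fixed_level" ]; then
            echo "userland $ul: at or above p$fixed_level (patched)"
        else
            echo "userland $ul: below p$fixed_level, run 'freebsd-update fetch install'"
        fi
    else
        echo "not a FreeBSD host; skipping version check"
    fi
    exposed=$(list_exposed_guests)
    if [ -n "$exposed" ]; then
        echo "running guests with XHCI emulation (restart after patching):"
        printf '%s\n' "$exposed"
    else
        echo "no running bhyve guests with XHCI emulation"
    fi
}

# Usage: sh triage.sh <fixed patch level>, e.g. sh triage.sh 5
if [ $# -gt 0 ]; then
    triage "$1"
fi
```

The process scan only sees guests that are currently running; guests that are stopped but configured with an XHCI tablet device in their VM manager's configuration still need to be checked there, and every exposed guest must be restarted once the userland update is installed, since a running bhyve process keeps executing the old code until then.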
