CVE-2024-25940 Information

Description

bhyveload -h <host-path> may be used to grant loader access to the directory tree on the host. Affected versions of bhyveload(8) do not make any attempt to restrict loader’s access to allowing the loader to read any file the host user has access to. In the bhyveload(8) model the host supplies a userboot.so to boot with but the loader scripts generally come from the guest image. A maliciously crafted script could be used to exfiltrate sensitive data from the host accessible to the user running bhyhveload(8) which is often the system root.

Reference

https://security.freebsd.org/advisories/FreeBSD-SA-24:01.bhyveload.asc