CVE-2024-41928 Information

Description

Malicious software running in a guest VM can exploit the buffer overflow to achieve code execution on the host in the bhyve userspace process which typically runs as root. Note that bhyve runs in a Capsicum sandbox so malicious code is constrained by the capabilities available to the bhyve process.

Reference

https://security.freebsd.org/advisories/FreeBSD-SA-24:10.bhyve.asc