CVE-2019-5604
Severity CVSS v4.0:
Pending analysis
Type:
CWE-125
Out-of-bounds Read
Publication date:
26/07/2019
Last modified:
01/03/2023
Description
In FreeBSD 12.0-STABLE before r350246, 12.0-RELEASE before 12.0-RELEASE-p8, 11.3-STABLE before r350247, 11.3-RELEASE before 11.3-RELEASE-p1, and 11.2-RELEASE before 11.2-RELEASE-p12, the emulated XHCI device included with the bhyve hypervisor did not properly validate data provided by the guest, allowing an out-of-bounds read. This provides a malicious guest the possibility to crash the system or access system memory.
Impact
Base Score 3.x
9.60
Severity 3.x
CRITICAL
Base Score 2.0
8.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:freebsd:freebsd:11.0:-:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:-:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p10:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p11:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p2:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p3:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p4:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p5:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p6:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p7:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p8:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:p9:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.2:rc3:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:11.3:-:*:*:*:*:*:* | ||
| cpe:2.3:o:freebsd:freebsd:12.0:-:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page