MNBSD-2022-13: Out-of-bounds write in lib9p RWALK message handling

Severity: Unknown

Affected Package: lib9p

Summary: Out-of-bounds write in lib9p RWALK message handling

Description

A missing bounds check in the RWALK message handling of lib9p, used by bhyve's virtio-9p (VirtFS) device, allowed a malicious guest to overwrite unrelated memory in the bhyve process, potentially enabling user-mode code execution on the host.

Affected Versions

lib9p

Recommendations

No specific recommendations provided.

Additional Information

Aliases: CVE-2022-23092

Published: August 09, 2022
Last Modified: August 09, 2022