Severity: Unknown
Affected Package: lib9p
Summary: Out-of-bounds write in lib9p RWALK message handling
A missing bounds check in the RWALK message handling of lib9p, used by bhyve's virtio-9p (VirtFS) device, allowed a malicious guest to overwrite unrelated memory in the bhyve process, potentially enabling user-mode code execution on the host.
No specific recommendations provided.
Aliases: CVE-2022-23092
Published: August 09, 2022
Last Modified: August 09, 2022