MNBSD-2022-6: bhyve e1000 out-of-bounds write via unvalidated checksum offset

Severity: Unknown

Affected Package: bhyve

Summary: bhyve e1000 out-of-bounds write via unvalidated checksum offset

Description

The e1000 network device model in bhyve used a guest-provided value as the checksum offset into an on-stack buffer when checksum offload was requested for a transmitted packet, without validating it for certain packet types. A malicious guest could write out of bounds in the host bhyve process, possibly leading to code execution in the host context.

Affected Versions

bhyve

Recommendations

No specific recommendations provided.

References

Additional Information

Aliases: CVE-2022-23087

Published: April 06, 2022
Last Modified: April 06, 2022