FreeBSD修補虛擬機元件重大層級漏洞
支付動態 · 2024-09-24

上週FreeBSD發布安全性更新,主要是修補重大層級漏洞CVE-2024-41721,由於該漏洞沒有其他緩解機制,他們呼籲用戶應儘速套用相關更新

9月19日FreeBSD開發團隊發布資安公告,他們發布14.1-STABLE、14.1-RELEASE-p5、14.0-RELEASE-p11、13.4-STABLE、13.4-RELEASE-p1,以及13.3-RELEASE-p7更新,目的是修補重大層級的漏洞CVE-2024-41721,這項漏洞存在於名為bhyve(8)的Hypervisor元件,屬於記憶體越界讀取(OBR)弱點,CVSS風險評為9.8分。

此漏洞發生的原因,在於bhyve透過虛擬USB控制器(XHCI)模擬裝置的過程中,缺乏充分的程式碼驗證,可能導致記憶體越界讀取,從而允許任意寫入檔案或是遠端執行程式碼的情況。

攻擊者若要利用這項弱點,可利用惡意軟體取得指定權限,並透過虛擬機器(VM)觸發漏洞,引發bhyve當機,可能於主機bhyve使用者空間層級的處理程序中,得以執行程式碼,由於該Hypervisor程式通常都會以root執行,換言之,攻擊者等於可藉此任意執行程式碼。

這項漏洞無緩解措施,因此FreeBSD維護團隊呼籲儘速更新。但他們也提及,若是未使用XHCI模擬機制的用戶,不會受到這項漏洞影響。

Popular articles
PropellerAds Positions Itself as a Go-To Traffic Source for iGaming Advertisers Ahead of a High-Demand Season
Marketing
Are you ready to maximize your earnings? Try ProPush.me Constructor!
Marketing
Gaming & Technology Expo Makes a Powerful Entrance in CDMX
Marketing
1spin4win grows its Latin American presence by partnering with Fortuna Juegos
Online Game
Manila delivers: Highlights from SiGMA Asia 2026 
Southeast Asia
B2B Tech Infrastructure Gains Momentum in Philippine Gaming Sector
Southeast Asia
Online gambling, crypto pose ongoing money laundering risks in Philippines, analyst says
Southeast Asia
Vietnam’s Controlled Gaming Shift Gains Ground, But Domestic Demand Still Lags
Southeast Asia
Indiana online casino bill stalls in House committee
Regulation
New Jersey July Gambling Revenue Hits $606M, Sweeps Casinos Banned
Regulation
GAT Expo Puerto Rico Will Pulse with the New Era of Gaming in the Caribbean
Marketing
That’s a Wrap: AffPapa Conference Madrid 2026 Highlights
Online Game
Full House at GAT Expo Cartagena 2026 Academic Agenda
Online Game
Super PAC Raises $48 Million: Sports Betting Forces Ramp Up Political Push
Regulation
SBC Summit Canada to Make Player Safety a Key Pillar of 2026 Agenda
Marketing
Home
Game
Cooperation
Find
My