FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- bhyve SVM guest escape

Affected packages
12.1 <= FreeBSD-kernel < 12.1_10
11.4 <= FreeBSD-kernel < 11.4_4
11.3 <= FreeBSD-kernel < 11.3_14

Details

VuXML ID e73c688b-f7e6-11ea-88f8-901b0ef719ab
Discovery 2020-09-15
Entry 2020-09-16

Problem Description:

A number of AMD virtualization instructions operate on host physical addresses and are not subject to nested page table translation. Guest use of these instructions was not trapped.

Impact:

From kernel mode, a malicious guest can write to arbitrary host memory (with some constraints), affording the guest full control of the host.

References

CVE Name CVE-2020-7467
FreeBSD Advisory SA-20:29.bhyve_svm