How severe is CVE-2024-8178?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.3 out of 10.

What type of vulnerability is CVE-2024-8178?

This is classified as CWE-908, which is a common weakness in software security.

CVE-2024-8178 - CRITICAL Severity | CVSS 9.3

Vulnerability Description

The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

Related Vulnerabilities

CVE-2021-25905

CRITICAL

CVSS:9.1(Critical)

An issue was discovered in the bra crate before 0.1.1 for Rust. It lacks soundness because it can read uninitialized memory.

CWE-9082021

CVE-2024-47685

CRITICAL

CVSS:9.1(Critical)

In the Linux kernel, the following vulnerability has been resolved: netfilter: nf_reject_ipv6: fix nf_reject_ip6_tcphdr_put() syzbot reported that nf_reject_ip6_tcphdr_put() was possibly sending garba...

CWE-9082024

CVE-2008-0081

CRITICAL

CVSS:9.8(Critical)

Unspecified vulnerability in Microsoft Excel 2000 SP3 through 2003 SP2, Viewer 2003, and Office 2004 for Mac allows user-assisted remote attackers to execute arbitrary code via crafted macros, aka "Ma...

CWE-9082008

CVE-2008-2934

HIGH

CVSS:8.8(High)

Mozilla Firefox 3 before 3.0.1 on Mac OS X allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted GIF file that triggers a free of an...

CWE-9082008

CVE-2008-3475

HIGH

CVSS:8.8(High)

Microsoft Internet Explorer 6 does not properly handle errors related to using the componentFromPoint method on xml objects that have been (1) incorrectly initialized or (2) deleted, which allows remo...

CWE-9082008

CVE-2008-4197

HIGH

CVSS:8.8(High)

Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-ass...

CWE-9082008