HomeFreeBSD

bhyve: improve input validation in pci_xhci

Description

bhyve: improve input validation in pci_xhci

Several functions did not validate the slot index resulting in OOB read
on the heap of the slot device structure which could lead to arbitrary
reads/writes and potentially code execution.

Reported by: Synacktiv
Reviewed by: markj (earlier), jhb
Approved by: so
Approved by: re (cperciva)
Security: FreeBSD-SA-24:15.bhyve
Security: CVE-2024-41721
Security: HYP-02
Sponsored by: The Alpha-Omega Project
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D45996

(cherry picked from commit e72d86ad9c62c8054d7977a71f08e68ef755c132)
(cherry picked from commit 419da61f8203ac475550ae4b0971dbef10f811f2)
(cherry picked from commit 2abd2ad648994e8444f479e54773a36311f522e5)

Details

Provenance
khorben_defora.orgAuthored on Jul 17 2024, 3:04 PM
gordonCommitted on Sep 19 2024, 1:33 PM
Reviewer
markj
Differential Revision
Restricted Differential Revision
Parents
rG58066db597be: Update in preparation for 13.4-RELEASE
Branches
Unknown
Tags
Unknown