PatchSiren

PatchSiren cyber security CVE debrief

CVE-2016-1889 FreeBSD CVE debrief

CVE-2016-1889 is a high-severity (CVSS 7.8) integer overflow in the FreeBSD bhyve hypervisor. According to the supplied NVD record, the flaw is reachable when a guest is configured with a large amount of memory and lets a local, low-privileged attacker gain elevated privileges on the affected host.

Vendor
FreeBSD
Product
bhyve hypervisor (FreeBSD base system)
CVSS
HIGH 7.8
CISA KEV
Not listed in stored evidence
Original CVE published
2017-02-15
Original CVE updated
2026-05-13
Advisory published
2017-02-15
Advisory updated
2026-05-13

Who should care

FreeBSD administrators and virtualization operators running bhyve on the releases the NVD record lists as affected (10.1, 10.2, 10.3, and 11.0), especially where guest workloads are not fully trusted. On a hypervisor host the most plausible low-privileged local attacker is code running inside a guest, and the linked advisory, FreeBSD-SA-16:38.bhyve, describes the issue as a possible escape from a bhyve virtual machine.

Technical summary

The supplied NVD data describes an integer overflow (CWE-190) in bhyve on FreeBSD 10.1, 10.2, 10.3, and 11.0 that is reachable when a guest is configured with a large amount of memory. NVD states that a local attacker can use it to gain privileges via a crafted device descriptor. The assigned vector is CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H (7.8, High): local access with low privileges and no user interaction, and full loss of confidentiality, integrity and availability. Note that Scope is rated Unchanged even though the affected component is a hypervisor; if the low-privileged attacker is code inside a guest, success means control of the host and of every other guest on it, so operators who run untrusted guests should plan for host compromise rather than read S:U as containment.

Defensive priority

High. Prioritize remediation on any FreeBSD host using bhyve, because the flaw can enable local privilege escalation on the virtualization host.

Recommended defensive actions

  • Review the FreeBSD advisory FreeBSD-SA-16:38.bhyve and the NVD record for the fixed releases and patch levels and for official mitigation guidance.
  • Apply the FreeBSD updates or patches that address FreeBSD-SA-16:38.bhyve on every affected host, and confirm the installed kernel and userland patch levels afterwards with freebsd-version(1).
  • Limit who can create, run and administer bhyve guests, and reduce the number of users who can interact with virtualization management tooling; until a host is patched, avoid placing untrusted guest workloads on it.
  • Inventory FreeBSD 10.1 through 11.0 hosts to confirm whether bhyve is enabled (the vmm(4) kernel module loaded, guests defined or running) and whether guests with large memory allocations are in use.
  • Verify that patch management and monitoring coverage extends to every bhyve-enabled FreeBSD host.
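The inventory and verification steps above can be driven from one script run on each FreeBSD host. The following is an added example written for this debrief, not code from FreeBSD or from the advisory; the function names (is_affected_release, bhyve_mem_mib, inventory_host) are hypothetical, and the affected-release list and advisory identifier are taken from the NVD data on this page. It relies on freebsd-version(1), kldstat(8), ps(1) and the -m memsize[K|M|G|T] syntax of bhyve(8). It deliberately does not hardcode the fixed patch level, which must be read from FreeBSD-SA-16:38.bhyve and compared against the reported kernel version.

```shell
#!/bin/sh
# Added inventory helper for CVE-2016-1889 / FreeBSD-SA-16:38.bhyve.
# Example code for this debrief, not part of FreeBSD or the advisory.
# Function names are hypothetical. Uses only base-system tooling.

# Releases the supplied NVD record lists as affected.
AFFECTED_RELEASES="10.1 10.2 10.3 11.0"

# is_affected_release VERSION
# Prints the major.minor release ("11.0" for "11.0-RELEASE-p3") and returns 0
# if it is in AFFECTED_RELEASES; returns 1 otherwise. The fixed patch level is
# taken from the advisory by the operator, not hardcoded here.
is_affected_release() {
    rel=$(printf '%s' "$1" | sed -n 's/^\([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    for a in $AFFECTED_RELEASES; do
        if [ "$rel" = "$a" ]; then
            printf '%s\n' "$rel"
            return 0
        fi
    done
    return 1
}

# bhyve_mem_mib "BHYVE_COMMAND_LINE"
# Extracts the guest memory size from bhyve's -m flag and prints it in MiB.
# bhyve(8) accepts -m memsize[K|k|M|m|G|g|T|t]; a bare number means MiB.
# Prints 0 and returns 1 if the command line carries no -m flag.
bhyve_mem_mib() {
    set -- $1                                 # word-split the argv string
    mem=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -m)  mem=${2:-}; [ $# -gt 1 ] && shift ;;   # "-m 8G"
            -m*) mem=${1#-m} ;;                        # "-m8G"
        esac
        shift
    done
    if [ -z "$mem" ]; then
        echo 0
        return 1
    fi
    num=$(printf '%s' "$mem" | sed 's/[KkMmGgTt]$//')
    case "$mem" in
        *[Kk]) echo $((num / 1024)) ;;
        *[Gg]) echo $((num * 1024)) ;;
        *[Tt]) echo $((num * 1024 * 1024)) ;;
        *)     echo "$num" ;;                 # M/m suffix or no suffix
    esac
}

# inventory_host
# Reports the running kernel release, whether the vmm(4) module that backs
# bhyve is loaded, and the -m size of every running bhyve guest, largest
# first. Needs no network access; run it on each FreeBSD host.
inventory_host() {
    ver=$(freebsd-version -k 2>/dev/null) || {
        echo "freebsd-version not found: not a FreeBSD host"
        return 2
    }
    if rel=$(is_affected_release "$ver"); then
        echo "kernel $ver: release $rel is in the NVD affected list;" \
             "compare the patch level with FreeBSD-SA-16:38.bhyve"
    else
        echo "kernel $ver: release not in the NVD affected list"
    fi
    if kldstat -q -m vmm; then
        echo "vmm.ko loaded: bhyve is in use on this host"
        ps -axo args= | grep -E '^(/usr/sbin/)?bhyve ' | while IFS= read -r line; do
            echo "  $(bhyve_mem_mib "$line") MiB  $line"
        done | sort -rn
    else
        echo "vmm.ko not loaded: no bhyve guests can be running"
    fi
}

# Usage: sh bhyve_inventory.sh run
# The argument guard keeps the file sourceable for its functions alone.
if [ "${1:-}" = "run" ]; then
    inventory_host
fi
```

The memory figures are reported rather than thresholded because the page's NVD data says only "a large amount of guest memory" without a number; sort the output across hosts and patch the largest guests first, but treat every host on an affected release as in scope until its patch level matches the advisory.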

Evidence notes

The supplied NVD record marks FreeBSD 10.1, 10.2, 10.3, and 11.0 as vulnerable, identifies CWE-190, and links to the FreeBSD vendor advisory FreeBSD-SA-16:38.bhyve.asc. The provided enrichment data does not list this CVE in KEV.

Official resources

FreeBSD security advisory FreeBSD-SA-16:38.bhyve (linked from the NVD record) and the NVD entry for CVE-2016-1889. The CVE record was published on 2017-02-15; the supplied source metadata was last modified on 2026-05-13. No KEV listing is present in the provided enrichment data.