CVE-2024-51566

bhyve(8) NVMe driver to guest-induced infinite loops.

CVSS 6.5 MEDIUMEPSS 0.4%CWE-1285

In short

The NVMe driver in bhyve virtual machine can be forced into infinite loops by a malicious guest operating system, potentially freezing the hypervisor or consuming excessive CPU resources.

Technical detail

A guest VM can trigger infinite loops in the bhyve NVMe queue processing logic through specially crafted NVMe commands, causing denial of service on the hypervisor without requiring elevated privileges within the guest. The vulnerability stems from insufficient loop termination conditions in queue processing.

Summary generated and translated by AI from the official description.

The NVMe driver queue processing is vulernable to guest-induced infinite loops.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L

Affected products

FreeBSD · FreeBSD

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc https://security.netapp.com/advisory/ntap-20250207-0008/