¡¾·ì϶¹«¸æ¡¿FreeBSD bhyveÔ½½ç¶ÁÈ¡·ì϶£¨CVE-2024-41721£©

°ä²¼¹¦·ò 2024-09-23

Ò»¡¢·ì϶¸ÅÊö

·ìϼûû³Æ

FreeBSD bhyveÔ½½ç¶ÁÈ¡·ì϶

CVE   ID

CVE-2024-41721

·ì϶ÀàÐÍ

 Ô½½ç¶ÁÈ¡

·¢ÏÖ¹¦·ò

2024-09-23

·ì϶ÆÀ·Ö

9.8

·ì϶µÈ¼¶

¸ßΣ

¹¥»÷ÏòÁ¿

ÍøÂç

ËùÐèȨÏÞ

ÎÞ

ÀûÓÃÄѶÈ

µÍ

Óû§½»»¥

ÎÞ

PoC/EXP

δ¹«¿ª

ÔÚÒ°ÀûÓÃ

δ·¢ÏÖ

 

FreeBSDÊÇÒ»ÖÖÖ°ÄÜ׳´ó¡¢²»±ä¿¿µÃס¡¢¿ªÔ´×ÔÓɵÄÀàUNIX²Ù×÷ϵͳ  £¬¿í·ºÀûÓÃÓÚ·þÎñÆ÷¡¢×ÀÃæÏµÍ³ºÍǶÈëʽϵͳµÈÁìÓò ¡£ÔÚFreeBSDϵͳÖÐ  £¬bhyve ÊÇÒ»ÖÖÓ²¼þ¼¶´ËÍâÐé¹¹»¯¼¼Êõ  £¬Ò²ÊÇFreeBSDϵÄÔ­ÉúÐé¹¹»úÖÎÀíÆ÷  £¬ÎªÓû§ÌṩÁËÒ»ÖÖ¸ßЧ¡¢½Ã½ÝÇÒÒ×ÓÚÖÎÀíµÄÐé¹¹»¯½â¾ö¹æ»® ¡£

2024Äê9ÔÂ23ÈÕ  £¬28Ȧ¼¯ÍÅVSRC¼à²âµ½FreeBSD°ä²¼°²È«²¼¸æ  £¬½¨¸´ÁËFreeBSD bhyveÄ £¿éÖеÄÒ»¸öÔ½½ç¶ÁÈ¡·ì϶£¨CVE-2024-41721£©  £¬¸Ã·ì϶µÄCVSSÆÀ·ÖΪ9.8 ¡£

FreeBSDϵͳÖÐbhyveµÄXHCI·ÂÕæÖ°ÄÜÖдæÔÚ·ì϶  £¬ÓÉÓÚUSB´úÂëÖдæÔÚÌìǵÑéÖ¤²»¼°  £¬¿ÉÄܵ¼Ö¶ÑÔ½½ç¶ÁÈ¡  £¬½ø¶ø¿ÉÄܵ¼ÖÂËÁÒâдÈëºÍÔ¶³Ì´úÂëÖ´ÐÐ  £¬ÈôÊǶñÒâÈí¼þÒÔÌØÈ¨Ä£Ê½ÔÚbhyveÖÎÀíµÄÐé¹¹»ú£¨guest VM£©ÖÐÔËÐÐ  £¬Ôò¿ÉÄÜÀûÓø÷ì϶µ¼ÖÂÐé¹¹»ú¼à¿Ø·¨Ê½¹ý³Ì±ÀÀ£  £¬»òÔÚÖ÷»úÉ쵀 bhyve Óû§¿Õ¼ä¹ý³Ì£¨Í¨³£ÒÔrootȨÏÞÔËÐУ©ÖÐʵÏÖ´úÂëÖ´ÐÐ ¡£


¶þ¡¢Ó°ÏìÁìÓò

STABLE-14<= FreeBSD < 14.1-STABLE

14.1-RELEASE <= FreeBSD < 14.1-RELEASE-p5

14.0-RELEASE <= FreeBSD < 14.0-RELEASE-p11

STABLE-13<= FreeBSD < 13.4-STABLE

13.4-RELEASE <= FreeBSD < 13.4-RELEASE-p1

13.3-RELEASE <= FreeBSD < 13.3-RELEASE-p7

 

 

Èý¡¢°²È«´ëÊ©

3.1 Éý¼¶°æ±¾

Ŀǰ¸Ã·ì϶Òѽ¨¸´  £¬ÊÜÓ°ÏìÓû§¿ÉÉý¼¶µ½ÒÔÏÂFreeBSD²»±ä°æ»ò°ä²¼/°²È«·ÖÖ§ (releng)°æ±¾  £¬°ä²¼ÈÕÆÚÍíÓÚ2024-09-19 ¡£

FreeBSD stable 14£ºÉý¼¶µ½14.1-STABLE

FreeBSD releng 14.1£ºÉý¼¶µ½14.1-RELEASE-p5

FreeBSD releng 14.0£ºÉý¼¶µ½14.0-RELEASE-p11

FreeBSD stable 13£ºÉý¼¶µ½13.4-STABLE

FreeBSD releng 13.4£ºÉý¼¶µ½13.4-RELEASE-p1

FreeBSD releng 13.3£ºÉý¼¶µ½13.3-RELEASE-p7

ÏÂÔØÁ´½Ó£º

https://www.freebsd.org/where/

3.2 һʱ´ëÊ©

°ÑÎÈ  £¬bhyve ÔÚ Capsicum ɳÏäÖÐÔËÐÐ  £¬Òò¶ø¶ñÒâ´úÂëÊܵ½ bhyve ¹ý³Ì¿ÉÓÃÖ°ÄܵÄÏÞ¶È ¡£´Ë±í  £¬²»Ê¹ÓÃXHCI·ÂÕæµÄguests²»Êܸ÷ì϶ӰÏì ¡£

ÊÜÓ°ÏìÓû§Ò²¿Éͨ¹ý¶þ½øÔì²¹¶¡»òÔ´´úÂë²¹¶¡¸üÐÂÒ×Êܹ¥»÷µÄϵͳ ¡£

²Î¿¼Á´½Ó£º

https://www.freebsd.org/security/advisories/FreeBSD-SA-24:15.bhyve.asc

3.3 ͨÓý¨Òé

l  ¶¨ÆÚ¸üÐÂϵͳ²¹¶¡  £¬Ï÷¼õϵͳ·ì϶  £¬ÌáÉý·þÎñÆ÷µÄ°²È«ÐÔ ¡£

l  ¼ÓǿϵͳºÍÍøÂçµÄ½Ó¼û½ÚÔì  £¬Åú¸Ä·À»ðǽսÊõ  £¬¹Ø¹Ø·Ç±ØÒªµÄÀûÓö˿ڻò·þÎñ  £¬Ï÷¼õ½«Î£ÏÕ·þÎñ£¨ÈçSSH¡¢RDPµÈ£©Â¶³öµ½¹«Íø  £¬Ï÷¼õ¹¥»÷Ãæ ¡£

l  ʹÓÃÆóÒµ¼¶°²È«²úÆ·  £¬ÌáÉýÆóÒµµÄÍøÂ簲ȫ»úÄÜ ¡£

l  ¼ÓǿϵͳÓû§ºÍȨÏÞÖÎÀí  £¬ÆôÓöà³É·ÖÈÏÖ¤»úÔìºÍ×îÓ×ȨÏÞ×¼Ôò  £¬Óû§ºÍÈí¼þȨÏÞӦά³ÖÔÚ×îµÍÏÞ¶È ¡£

l  ÆôÓÃÇ¿ÃÜÂëÕ½Êõ²¢ÉèÖÃΪ¶¨ÆÚÅú¸Ä ¡£

3.4 ²Î¿¼Á´½Ó

https://www.freebsd.org/security/advisories/FreeBSD-SA-24:15.bhyve.asc

https://nvd.nist.gov/vuln/detail/CVE-2024-41721

 

ËÄ¡¢°æ±¾ÐÅÏ¢

°æ±¾

ÈÕÆÚ

±¸×¢

V1.0

2024-09-23

³õ´Î°ä²¼

 

 

Îå¡¢¸½Â¼

5.1 28Ȧ¼ò½é

28Ȧ³ÉÁ¢ÓÚ1996Äê  £¬ÊÇÓÉÁôÃÀ²©Ê¿ÑÏÍû¼ÑŮʿ´´½¨µÄ¡¢Õ¼ÓÐÆëÈ«×ÔÖ÷֪ʶ²úȨµÄÐÅÏ¢°²È«¸ß¿Æ¼¼ÆóÒµ ¡£ÊǹúÄÚ×î¾ßʵÁ¦µÄÐÅÏ¢°²È«²úÆ·¡¢°²È«·þÎñ½â¾ö¹æ»®µÄÁ캽ÆóÒµÖ®Ò» ¡£

¹«Ë¾×ܲ¿Î»ÓÚ±±¾©ÊÐÖйشåÈí¼þÔ°28Ȧ´óÏà  £¬¹«Ë¾Ô±¹¤6000ÓàÈË  £¬Ñз¢ÍŶÓ1200ÓàÈË, ¼¼Êõ·þÎñÍŶÓ1300ÓàÈË ¡£ÔÚÈ«¹ú¸÷Ê¡¡¢ÊÓ×¢×ÔÖÎÇøÉèÁ¢·ÖÖ§»ú¹¹ÁùÊ®¶à¸ö  £¬Õ¼Óи²¸ÇÈ«¹úµÄÏúÊÛϵͳ¡¢Çþ·ϵͳºÍ¼¼ÊõÖ§³Öϵͳ ¡£¹«Ë¾ÓÚ2010Äê6ÔÂ23ÈÕÔÚÀö½­ÖÐÓ×°å¹ÒÅÆÉÏÊÐ ¡££¨¹ÉƱ´úÂ룺002439£©

¶àÄêÀ´  £¬28ȦÖÂÁ¦ÓÚÌṩӵÓйú¼Ê¾ºÕùÁ¦µÄ×ÔÖ÷´´Ðµİ²È«²úÆ·ºÍ×î¼Ñʵ¼Ê·þÎñ  £¬Ô®ÊÖ¿Í»§È«ÃæÌáÉýÆäIT»ù´¡ÉèÊ©µÄ°²È«ÐԺͳö²úЧÁ¦  £¬Îª´òÔìºÍÌáÉý¹ú¼Ê»¯µÄÃñ×åÐÅÏ¢°²È«²úÒµÁì¾üÆ·ÅÆ¶ø²»Ð¸ÖÂÁ¦ ¡£

5.2 ¹ØÓÚ28Ȧ

28Ȧ°²È«Ó¦¼±ÏìÓ¦ÖÐÐÄÒѰ䲼1000¶à¸ö·ì϶¹«¸æÎ¢·çÏÕÔ¤¾¯  £¬ÎÒÃǽ«³ÖÐø¸ú×ÙÈ«Çò×îеÄÍøÂ簲ȫÊÂÎñºÍ·ì϶  £¬ÎªÆóÒµµÄÐÅÏ¢°²È«±£¼Ý»¤º½ ¡£

¹Ø×¢ÎÒÃÇ£º

image.png