CVE-2016-1889

HIGH

FreeBSD <11.0 - Privilege Escalation

Title source: llm
STIX 2.1

Description

Integer overflow in the bhyve hypervisor in FreeBSD 10.1, 10.2, 10.3, and 11.0 when configured with a large amount of guest memory, allows local users to gain privilege via a crafted device descriptor.

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1037400
Vendor Advisory vendor-advisory x_refsource_freebsd
https://www.freebsd.org/security/advisories/FreeBSD-SA-16:38.bhyve.asc

Scores

CVSS v3 7.8
EPSS 0.0004
EPSS Percentile 13.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-190
Status published
Products (4)
freebsd/freebsd 10.1
freebsd/freebsd 10.2
freebsd/freebsd 10.3
freebsd/freebsd 11.0
Published Feb 15, 2017
Tracked Since Feb 18, 2026