Bug #14625

closed

Bhyve e82545 device emulation out-of-bounds write

Added by Andy Fiddaman 4 months ago. Updated 4 months ago.

Status: Closed
Priority: High
Assignee:
Category: bhyve
Start date:
Due date:
% Done: 100%
Estimated time:
Difficulty: Bite-size
Tags:
Gerrit CR:

Description

FreeBSD have published a security advisory relating to the emulated e1000 network adapter provided by bhyve:

https://www.freebsd.org/security/advisories/FreeBSD-SA-22:05.bhyve.asc

Upstream commit: https://github.com/freebsd/freebsd-src/commit/b0aa20bec5db244980a0248e24dd6b8e1e68c4d0

#1

Updated by Electric Monk 4 months ago

  • Gerrit CR set to 2105

#2

Updated by Andy Fiddaman 4 months ago

  • Description updated (diff)

#3

Updated by Andy Fiddaman 4 months ago

I've booted a virtual machine which uses an emulated e1000g interface under bhyve with this patch. It works and I was able to transfer data across the network as before.

In addition to doing DNS lookups and transfers with SCP, I also ran iperf in UDP and TCP modes to send sustained traffic and the performance was the same as before the patch.

#4

Updated by Electric Monk 4 months ago

  • Status changed from In Progress to Closed
  • % Done changed from 0 to 100

git commit 7271f09891bb39b64f2a58632c92c1456ed9cf31

commit  7271f09891bb39b64f2a58632c92c1456ed9cf31
Author: Andy Fiddaman <omnios@citrus-it.co.uk>
Date:   2022-04-06T17:40:49.000Z

    14625 Bhyve e82545 device emulation out-of-bounds write
    Reviewed by: Jason King <jason.brian.king+illumos@gmail.com>
    Reviewed by: Toomas Soome <tsoome@me.com>
    Approved by: Dan McDonald <danmcd@joyent.com>
