What is CVE-2024-42416?

CVE-2024-42416 is a vulnerability in Freebsd, classified under CWE-790. Published 2024-09-05.

Is CVE-2024-42416 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Freebsd

CVE-2024-42416

The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scs…

EPSS: 0.010 (77.4th percentile) — read the EPSS interpretation.

Affected products

Freebsd — versions 14.1-RELEASE, 14.0-RELEASE, 13.3-RELEASE

Weakness classification (CWE)

CWE-790
CWE-823

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc (vendor-advisory)

Frequently asked questions

What is CVE-2024-42416?: CVE-2024-42416 is a vulnerability in Freebsd, classified under CWE-790. Published 2024-09-05.
Is CVE-2024-42416 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.