What is CVE-2024-8178?

CVE-2024-8178 is a vulnerability in Freebsd, classified under Use of Uninitialized Resource. Published 2024-09-05.

Is CVE-2024-8178 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Freebsd

CVE-2024-8178

The ctl_write_buffer and ctl_read_buffer functions allocated memory to be returned to userspace, without initializing it. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code ex…

EPSS: 0.030 (86.7th percentile) — read the EPSS interpretation.

Affected products

Freebsd — versions 14.1-RELEASE, 14.0-RELEASE, 13.3-RELEASE

Weakness classification (CWE)

CWE-908 — Use of Uninitialized Resource
CWE-909

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

security.freebsd.org/advisories/FreeBSD-SA-24:11.ctl.asc (vendor-advisory)

Frequently asked questions

What is CVE-2024-8178?: CVE-2024-8178 is a vulnerability in Freebsd, classified under Use of Uninitialized Resource. Published 2024-09-05.
Is CVE-2024-8178 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.