SARA / Free Tools / CVE / CVE-2023-3494

CVE-2023-3494 — The fwctl driver implements a state machine which is executed when a bhyve guest

The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer o

CVSS
EPSS
19.00% (top 59.20%)
CWE
CWE-120
Published
2023-08-01T22:13:21.634Z
Last modified
2025-02-13T16:55:41.138Z
CVSS vector

01What is this vulnerability?

The fwctl driver implements a state machine which is executed when a bhyve guest accesses certain x86 I/O ports. The interface lets the guest copy a string into a buffer resident in the bhyve process' memory. A bug in the state machine implementation can result in a buffer overflowing when copying this string. Malicious, privileged software running in a guest VM can exploit the buffer overflow to…

02Affected products

VendorProductVersions
FreeBSDFreeBSD13.2-RELEASE, 13.1-RELEASE

03Active exploitation status

Not currently listed on the CISA Known Exploited Vulnerabilities (KEV) catalog. EPSS is the best forward-looking signal — see the EPSS row above.

04Recommended remediation

05Technical details

For the full vendor write-up, exploit chains, and reference implementations, see the references list in section 09.

06Detection signatures

Open the Sigma generator with a pre-filled prompt for this CVE to draft a starting detection in your stack of choice:

Open in Sigma generator →

07Related CVEs

No directly-cited follow-up CVEs in the KB record for this advisory. The references list in section 09 carries the vendor cross-references.

08Timeline

09References

Want this in your SOAR or SIEM?
SARA's API returns EPSS, CVSS, KEV, and an analyst-grade summary in one call.
Read the API reference →
EPSS detail → Search KEV → Ask SARA →