TPS-2023-002 illumos#15822 bhyve fget_str buffer overflow (FreeBSD-SA-23:07)
Overview A vulnerability has been reported to the FreeBSD developers in bhyve that allows a vmm guest to overflow a buffer potentially allowing code execution outside the context of the vm.
On SmartOS, the bhyve process runs in a non-privileged zone which limits the potential impact. Stack smashing support in the illumos kernel shiped with SmartOS may also mitigate exploitation.
Actions Taken by Us This issue has been fixed in illumos#15822, and release-202300727 (platform stamp 20230804T193934Z) is now available which includes a fix for this issue.