TPS-2018-008 Insufficient bounds checking in bhyve(8) device model (CVE-2018-17160)

Overview

This vulnerability, CVE-2018-17160, was detected and remediated by the FreeBSD community, as detailed in their disclosure.

The issue was caused by insufficient bounds checking in one of the emulated virtual devices. A guest operating system could exploit the vulnerability to overwrite memory in the bhyve(8) process, making it possible to execute arbitrary code on the host.

Actions Taken by Joyent

The upstream fix in the FreeBSD bhyve project has been merged into SmartOS and made available for all Triton and SmartOS users in the latest platform image release, 20181206T011455Z.

Actions You Need to Take

Triton Enterprise Software Users

Not all device types are vulnerable to this issue. Please review the conditions and workaround mentioned in the FreeBSD disclosure and decide if your Triton deployment is affected.

In the event that an update of the platform image is deemed necessary in your environment, please use the following command on the support channel:

sdcadm platform install --latest

For additional assistance, please contact Joyent Support.

Triton Public Cloud Users

Bhyve guest packages are not available on the Triton public cloud at this time. Users of other brands of compute instances are not affected by this issue; therefore, no action is required.

Open Source SmartOS/Triton Users

Please direct any further questions to the SmartOS Community Mailing Lists and IRC.

Support

If you are a Joyent customer and have any further questions or concerns after reading the information provided above, please contact Joyent Support.

As noted above, if you are an Open Source Triton user, please direct any further questions to the SmartOS Community Mailing Lists and IRC.