CVE-2024-51564

bhyve(8) infinite loop in the hda audio driver

CVSS 7.5 HIGHEPSS 0.4%CWE-1285

In short

A guest operating system can cause the bhyve hypervisor's audio driver to enter an infinite loop, potentially freezing the system or consuming all CPU resources. This happens because the driver doesn't properly validate certain audio-related requests.

Technical detail

An attacker with guest OS access can trigger an infinite loop vulnerability in the bhyve hda audio driver through malformed audio device requests. The vulnerability stems from improper input validation in the audio processing logic, allowing guest-controlled data to cause unbounded iteration. Successful exploitation results in denial of service via CPU exhaustion on the host hypervisor.

Summary generated and translated by AI from the official description.

A guest can trigger an infinite loop in the hda audio driver.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected products

FreeBSD · FreeBSD

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc https://security.netapp.com/advisory/ntap-20250207-0008/