CVE-2024-41721 is a vulnerability in the USB emulation of FreeBSD's bhyve hypervisor, specifically in its XHCI (eXtensible Host Controller Interface) device model. The flaw is insufficient boundary validation in the USB code, which leads to an out-of-bounds read on the heap; that read can in turn be leveraged into an arbitrary write and code execution. The attacker here is privileged software running inside a guest VM, and the target is the bhyve userspace process on the host (which typically runs as root), so the practical impact is a guest-to-host escape into that process. Two caveats matter when assessing exposure: bhyve runs inside a Capsicum sandbox, so code executing in the compromised process is limited to the capabilities that process holds, and the affected code is only exercised by guests that have an emulated XHCI controller configured (for example a USB tablet device); a guest with no XHCI device never reaches it.
Affected versions of FreeBSD include:
- 14.1-RELEASE before p5
- 14.0-RELEASE before p11
- 13.4-RELEASE before p1
- 13.3-RELEASE before p7
Fixed versions are the corresponding patch levels (14.1-RELEASE-p5, 14.0-RELEASE-p11, 13.4-RELEASE-p1, 13.3-RELEASE-p7). Update with `freebsd-update fetch install`, or rebuild from a patched source tree, and confirm with `freebsd-version -u`: the fix is in the bhyve userland binary, not the kernel, so the userland patch level is the one that matters. After updating, stop and restart every bhyve instance; a virtual machine that keeps running continues to execute the old, vulnerable bhyve process until it is restarted.
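The class of bug described above, a guest-controlled index used to address a heap-allocated ring without first comparing it to the ring size, is easier to reason about with a small model. The following is an added example written for this page; it is not bhyve's code and does not reproduce the real XHCI data structures. `struct dev_state`, `slot_read_unchecked`, `slot_read_checked` and the ring sizes are hypothetical. The "adjacent heap data" is constructed inside the same allocation so that the unchecked read stays deterministic and well-defined for the demo; in a real process the same read walks into whatever neighbouring object the allocator placed there.

```c
/* Added example (not bhyve's code): guest-controlled index into a heap ring,
 * shown in the vulnerable form and the hardened form side by side. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define RING_SLOTS 4      /* hypothetical number of ring entries */
#define SLOT_SIZE  16     /* hypothetical bytes per ring entry */
#define TRAILER    16     /* bytes placed after the ring to stand in for neighbouring heap data */

/* Hypothetical device state: a ring of fixed-size entries followed, in the same
 * allocation, by bytes the guest must never be able to read. */
struct dev_state {
    uint8_t *buf;     /* RING_SLOTS * SLOT_SIZE ring bytes, then TRAILER bytes */
    size_t   nslots;  /* number of valid ring entries */
};

struct dev_state *dev_new(void) {
    struct dev_state *d = calloc(1, sizeof *d);
    d->buf = calloc(1, RING_SLOTS * SLOT_SIZE + TRAILER);
    d->nslots = RING_SLOTS;
    for (size_t i = 0; i < RING_SLOTS; i++)            /* slot i is filled with 0x10 + i */
        memset(d->buf + i * SLOT_SIZE, 0x10 + (int)i, SLOT_SIZE);
    memset(d->buf + RING_SLOTS * SLOT_SIZE, 0xEE, TRAILER); /* constructed "adjacent heap data" */
    return d;
}

void dev_free(struct dev_state *d) { free(d->buf); free(d); }

/* Vulnerable pattern: idx arrives from a guest register write and is used in
 * address arithmetic without being compared to nslots.  idx == nslots reads the
 * bytes that follow the ring.  Only call this with idx <= RING_SLOTS in the demo;
 * anything larger is a genuine out-of-bounds read. */
int slot_read_unchecked(const struct dev_state *d, uint32_t idx, uint8_t out[SLOT_SIZE]) {
    memcpy(out, d->buf + (size_t)idx * SLOT_SIZE, SLOT_SIZE);   /* no bounds check */
    return 0;
}

/* Hardened form: reject any index that is not strictly below the ring size
 * before it takes part in address arithmetic.  Checking first also means the
 * multiplication below can never overflow on a 32-bit size_t. */
int slot_read_checked(const struct dev_state *d, uint32_t idx, uint8_t out[SLOT_SIZE]) {
    if ((size_t)idx >= d->nslots)
        return -1;                                   /* guest supplied an out-of-range index */
    memcpy(out, d->buf + (size_t)idx * SLOT_SIZE, SLOT_SIZE);
    return 0;
}

/* First byte the vulnerable accessor returns for idx (demo helper). */
int probe_unchecked(uint32_t idx) {
    uint8_t slot[SLOT_SIZE];
    struct dev_state *d = dev_new();
    slot_read_unchecked(d, idx, slot);
    dev_free(d);
    return slot[0];
}

/* First byte the hardened accessor returns for idx, or -1 if it rejected idx. */
int probe_checked(uint32_t idx) {
    uint8_t slot[SLOT_SIZE];
    struct dev_state *d = dev_new();
    int rc = slot_read_checked(d, idx, slot);
    dev_free(d);
    return rc < 0 ? -1 : slot[0];
}

int main(void) {
    /* A guest asking for slot RING_SLOTS (one past the end): */
    printf("unchecked idx=%d -> 0x%02x (bytes that follow the ring)\n",
           RING_SLOTS, probe_unchecked(RING_SLOTS));
    printf("checked   idx=%d -> %d (rejected)\n", RING_SLOTS, probe_checked(RING_SLOTS));
    printf("checked   idx=%d -> 0x%02x (valid slot)\n", RING_SLOTS - 1, probe_checked(RING_SLOTS - 1));
    return 0;
}
```

The point of the check ordering is that the comparison happens on the raw guest value before it is scaled into an offset: an index that is rejected never reaches the multiply or the pointer addition, so neither integer overflow nor the out-of-range access is possible. Running the program under AddressSanitizer with an index of `RING_SLOTS + 1` for the unchecked accessor turns the same bug into the heap-buffer-overflow report a fuzzer would surface.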
See more details on: