FreeBSD security vulnerability (CVE-2024-41721)

CVE-2024-41721 is a vulnerability in FreeBSD’s USB subsystem, specifically in the XHCI (eXtensible Host Controller Interface) emulation of the bhyve hypervisor. The flaw arises from insufficient boundary validation, leading to an out-of-bounds read on the heap. This vulnerability could allow an attacker to perform arbitrary writes and execute remote code.

Affected versions of FreeBSD include:

  • 14.1-RELEASE before p5
  • 14.0-RELEASE before p11
  • 13.4-RELEASE before p1
  • 13.3-RELEASE before p7

Patches have been released to mitigate the vulnerability, and users are advised to update their systems promptly to avoid exploitation.
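As an added check (not part of the original advisory), the following POSIX sh function compares a FreeBSD userland version string against the affected release and patch levels listed above; it assumes the string comes from the base-system command `freebsd-version -u`, in the form `14.1-RELEASE-p4` or `14.1-RELEASE`.

```shell
#!/bin/sh
# Added example: classify a FreeBSD version string against the CVE-2024-41721
# advisory list. Exit status: 0 = affected (unpatched), 1 = patched,
# 2 = release not covered by the advisory list (e.g. STABLE/CURRENT).
cve_2024_41721_affected() {
    ver="$1"
    # Split "14.1-RELEASE-p4" into release "14.1-RELEASE" and patch level 4.
    case "$ver" in
        *-RELEASE-p*)
            rel="${ver%-p*}"
            patch="${ver##*-p}"
            ;;
        *-RELEASE)
            rel="$ver"
            patch=0
            ;;
        *)
            return 2
            ;;
    esac
    # First patch level that contains the fix, per the advisory.
    case "$rel" in
        14.1-RELEASE) fixed=5 ;;
        14.0-RELEASE) fixed=11 ;;
        13.4-RELEASE) fixed=1 ;;
        13.3-RELEASE) fixed=7 ;;
        *) return 2 ;;
    esac
    # Reject a non-numeric patch level before the arithmetic comparison.
    case "$patch" in
        ''|*[!0-9]*) return 2 ;;
    esac
    [ "$patch" -lt "$fixed" ]
}

# Usage on a FreeBSD host (bhyve is userland, so check the userland version):
#   if cve_2024_41721_affected "$(freebsd-version -u)"; then
#       echo "CVE-2024-41721: update required"
#   fi
```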

See more details on: