Guest-Induced Infinite Loop in Windows NVMe.sys Queue Processing
CVE-2024-51566 Published on November 12, 2024
bhyve(8) NVMe driver to guest-induced infinite loops.
The NVMe driver queue processing is vulernable to guest-induced infinite loops.
Vulnerability Analysis
CVE-2024-51566 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity, and a small impact on availability.
Weakness Type
Improper Validation of Specified Index, Position, or Offset in Input
The product receives input that is expected to specify an index, position, or offset into an indexable resource such as a buffer or file, but it does not validate or incorrectly validates that the specified index/position/offset has the required properties.
Products Associated with CVE-2024-51566
Want to know whenever a new CVE is published for FreeBSD? stack.watch will email you.
Affected Versions
FreeBSD:- Version 14.1-RELEASE and below p6 is affected.
- Version 13.4-RELEASE and below p2 is affected.
- Version 13.3-RELEASE and below p8 is affected.
- Before * is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.