CVE-2024-51563 (Critical) detected in src3.1.5

[mend-bolt-for-github[bot]]

CVE-2024-51563 - Critical Severity Vulnerability

Vulnerable Library - src3.1.5

MidnightBSD OS source code

Library home page: https://github.com/MidnightBSD/src.git

Found in base branch: stable/3.2

Vulnerable Source Files (1)

Vulnerability Details

The virtio_vq_recordon function is subject to a time-of-check to time-of-use (TOCTOU) race condition.

Publish Date: 2024-11-12

URL: CVE-2024-51563

CVSS 3 Score Details (9.1)

Base Score Metrics: - Exploitability Metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: None - User Interaction: None - Scope: Unchanged - Impact Metrics: - Confidentiality Impact: High - Integrity Impact: High - Availability Impact: None

For more information on CVSS3 Scores, click here.

Suggested Fix

Type: Upgrade version

Origin: https://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.asc

Release Date: 2024-11-12

Fix Resolution: 86ba5941b132

---

Step up your Open Source Security Game with Mend here