How severe is CVE-2024-42416?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.4 out of 10.

What type of vulnerability is CVE-2024-42416?

This is classified as CWE-790, which is a common weakness in software security.

CVE-2024-42416 - HIGH Severity | CVSS 8.4

Vulnerability Description

The ctl_report_supported_opcodes function did not sufficiently validate a field provided by userspace, allowing an arbitrary write to a limited amount of kernel help memory. Malicious software running in a guest VM that exposes virtio_scsi can exploit the vulnerabilities to achieve code execution on the host in the bhyve userspace process, which typically runs as root. Note that bhyve runs in a Capsicum sandbox, so malicious code is constrained by the capabilities available to the bhyve process. A malicious iSCSI initiator could achieve remote code execution on the iSCSI target host.

Related Vulnerabilities

CVE-2021-43802

HIGH

CVSS:8.8(High)

Etherpad is a real-time collaborative editor. In versions prior to 1.8.16, an attacker can craft an `*.etherpad` file that, when imported, might allow the attacker to gain admin privileges for the Eth...

CWE-7902021

CVE-2024-31616

HIGH

CVSS:8.8(High)

An issue discovered in RG-RSR10-01G-T(W)-S and RG-RSR10-01G-T(WA)-S routers with firmware version RSR10-01G-T-S_RSR_3.0(1)B9P2, Release(07150910) allows attackers to execute arbitrary code via the com...

CWE-7902024

CVE-2023-22578

CRITICAL

CVSS:9.8(Critical)

Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.

CWE-7902023

CVE-2023-45239

CRITICAL

CVSS:9.8(Critical)

A lack of input validation exists in tac_plus prior to commit 4fdf178 which, when pre or post auth commands are enabled, allows an attacker who can control the username, rem-addr, or NAC address sent ...

CWE-7902023

CVE-2024-47984

MEDIUM

CVSS:6.5(Medium)

Dell RecoverPoint for Virtual Machines 6.0.x contains Denial of Service vulnerability. A User with Remote access could potentially exploit this vulnerability, leading to the disruption of most functio...

CWE-7902024

CVE-2023-22578

CRITICAL

CVSS:9.8(Critical)

Due to improper artibute filtering in the sequalize js library, can a attacker peform SQL injections.

CWE-7902023