FreeBSD Vulnerability Security Update Advisory (CVE-2024-41721)

Sep 24 2024

Overview

An update has been released to address vulnerabilities in FreeBSD. Users of the affected versions are advised to update to the latest version.

Affected Products

CVE-2024-41721

FreeBSD 14.1-STABLE previous version
FreeBSD 14.1-RELEASE-p5 previous version
FreeBSD 14.0-RELEASE-p11 previous version
FreeBSD 13.4-STABLE previous version
FreeBSD 13.4-RELEASE-p1 previous version
FreeBSD 13.3-RELEASE-p7 previous version

Resolved Vulnerabilities

Insufficient boundary validation in USB code could result in out-of-bounds reads from the heap, which could lead to arbitrary writes and remote code execution (CVE-2024-41721)

Vulnerability Patches

The following product-specific Vulnerability Patches were made available in the September 19, 2024 update.
For more information on Vulnerability Patches, Please refer to the “V. Solution” section of the product-specific Referenced Sites documentation.

CVE-2024-41721

FreeBSD 14.1-STABLE version
FreeBSD 14.1-RELEASE-p5 version
FreeBSD 14.0-RELEASE-p11 version
FreeBSD 13.4-STABLE version
FreeBSD 13.4-RELEASE-p1 version
FreeBSD 13.3-RELEASE-p7 version

References

[1] CVE-2024-41721 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-41721

[2] bhyve(8) out-of-bounds read access via XHCI emulation

https://www.freebsd.org/security/advisories/FreeBSD-SA-24:15.bhyve.asc

FreeBSD Vulnerability Security Update Advisory (CVE-2024-41721)

Ivanti Product Security Update Advisory (CVE-2024-8963)

llama.cpp Security Update Advisory (CVE-2024-42479)

Tags:

Ivanti Product Security Update Advisory (CVE-2024-8963)

llama.cpp Security Update Advisory (CVE-2024-42479)