From: Ed Maste
Date: Wed, 2 Oct 2024 14:12:43 -0400
Subject: Re: git: 51fda658baa3 - main - vmm: Properly handle writes spanning across two pages in vm_handle_db
To: Cy Schubert
Cc: Bojan Novković, src-committers@freebsd.org, dev-commits-src-all@freebsd.org, dev-commits-src-main@freebsd.org
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all

On Wed, 2 Oct 2024 at 12:53, Cy Schubert wrote:
>
> > vmm: Properly handle writes spanning across two pages in vm_handle_db
> >
> > ...
> > Security: HYP-09
>
> Where can we find this vulnerability documented?

With support from the Alpha-Omega project the FreeBSD Foundation commissioned Synacktiv to perform a code audit of two FreeBSD subsystems: bhyve (kernel vmm and userspace device models), and kernel code reachable from within a Capsicum sandbox.

These HYP-* and CAP-* tags reference vulnerabilities in the Synacktiv report. Recent SAs (SA-24:09.libnv, SA-24:10.bhyve, SA-24:11.ctl, SA-24:12.bhyve, SA-24:14.umtx, SA-24:15.bhyve) are fixes for issues identified as "critical" or "high" severity. Remaining issues are "medium" or lower severity. The report will be made public after the appropriate issues have been addressed.