=== Capsicum and Bhyve Code Audit

Contact: Ed Maste <[email protected]>
Contact: Pierre Pronchery <[email protected]>

With the support of the link:https://alpha-omega.dev/[Alpha-Omega project], the FreeBSD Foundation undertook code audits of two important subsystems -- the bhyve hypervisor, and the Capsicum sandboxing framework.
In addition to uncovering vulnerabilities in these systems to correct, the audits look to identify classes of vulnerabilities and/or suboptimal coding practices that we can look to address across the project.

The Foundation interviewed several firms, and selected Synacktiv to perform the audit.
A number of issues with critical and high severity were identified, which have been fixed as documented in security advisories:

* link:https://www.freebsd.org/security/advisories/FreeBSD-SA-24:09.libnv.asc[FreeBSD-SA-24:09.libnv]
* link:https://www.freebsd.org/security/advisories/FreeBSD-SA-24:10.bhyve.asc[FreeBSD-SA-24:10.bhyve]
* link:https://www.freebsd.org/security/advisories/FreeBSD-SA-24:11.ctl.asc[FreeBSD-SA-24:11.ctl]
* link:https://www.freebsd.org/security/advisories/FreeBSD-SA-24:12.bhyve.asc[FreeBSD-SA-24:12.bhyve]
* link:https://www.freebsd.org/security/advisories/FreeBSD-SA-24:14.umtx.asc[FreeBSD-SA-24:14.umtx]
* link:https://www.freebsd.org/security/advisories/FreeBSD-SA-24:15.bhyve.asc[FreeBSD-SA-24:15.bhyve]
* link:https://www.freebsd.org/security/advisories/FreeBSD-SA-24:16.libnv.asc[FreeBSD-SA-24:16.libnv]

Fixes are in progress for a number of lower-severity issues.
The code audit report will be shared in the near future, after issues above a severity threshold have been addressed.
The FreeBSD Foundation will also publish a report including commentary on the impact of the Synacktiv code audit report, classes of vulnerabilities identified, and lessons learned.

More information is available in the link:https://github.com/ossf/alpha-omega/tree/main/alpha/engagements/2024/FreeBSD[Alpha-Omega repository].

Sponsor: The FreeBSD Foundation