CVE-2024-5156512.11.2024, 15:15The hda driver is vulnerable to a buffer over-read from a guest-controlled value.EnginsightProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVectorNISTNIST6.5 MEDIUMNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LfreebsdCNA------CISA-ADPADP6.5 MEDIUMNETWORKLOWNONECVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:LCVEADP------Base ScoreCVSS 3.xEPSS ScorePercentile: 24%Common Weakness EnumerationCWE-125 - Out-of-bounds ReadThe software reads data past the end, or before the beginning, of the intended buffer.Referenceshttps://security.freebsd.org/advisories/FreeBSD-SA-24:17.bhyve.aschttps://security.netapp.com/advisory/ntap-20250207-0008/