bhyve(8) virtual machine escape
https://lists.freebsd.org/pipermail/freebsd-security/2016-December/009190.html [lists.freebsd.org]
2016-12-06 23:51
For a bhyve virtual machine with more than 3GB of guest memory configured,
a malicious guest could craft device descriptors that could give it access
to the heap of the bhyve process.