8.8 - CVE-2020-24165

Executive Summary

Informations
Name	CVE-2020-24165	First vendor Publication	2023-08-28
Vendor	Cve	Last vendor Modification	2023-10-13

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Overall CVSS Score	8.8
Base Score	8.8	Environmental Score	8.8
impact SubScore	6	Temporal Score	8.8
Exploitabality Sub Score	2

Attack Vector	Local	Attack Complexity	Low
Privileges Required	Low	User Interaction	None
Scope	Changed	Confidentiality Impact	High
Integrity Impact	High	Availability Impact	High
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score	N/A	Attack Range	N/A
Cvss Impact Score	N/A	Attack Complexity	N/A
Cvss Expoit Score	N/A	Authentication	N/A
Calculate full CVSS 2.0 Vectors scores

Detail

An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS).

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-24165

CPE : Common Platform Enumeration

Type	Description	Count
Application	Qemu cpe:2.3:a:qemu:qemu:4.2.0:-::::::	1
Os	Debian Debian Linux cpe:2.3:o:debian:debian_linux:10.0:::::::*	1

Sources (Detail)

Source	Url
CONFIRM	https://security.netapp.com/advisory/ntap-20231006-0012/
MISC	https://bugs.launchpad.net/qemu/+bug/1863025 https://pastebin.com/iqCbjdT8
MLIST	https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html

Alert History

If you want to see full details history, please login or register.

Date	Informations
2023-10-13 09:27:41	Multiple Updates
2023-10-06 21:27:47	Multiple Updates
2023-10-06 00:27:38	Multiple Updates
2023-09-01 21:27:26	Multiple Updates
2023-08-29 12:59:09	Multiple Updates
2023-08-29 00:27:22	First insertion

Copyright Security-Database 2006-2024 - Powered by themself ;) in 0.0363s

Facebook rss twitter linkedin mail