Vulnerability Details : CVE-2020-24165
An issue was discovered in the TCG Accelerator in QEMU 4.2.0 that allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties.
Vulnerability category: Execute code, Denial of service
Products affected by CVE-2020-24165
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:4.2.0:-:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-24165
- 0.04%: Probability of exploitation activity in the next 30 days
- ~ 6 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-24165
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 | NIST | |
References for CVE-2020-24165
- https://pastebin.com/iqCbjdT8
  CVE-2020-24165 - Pastebin.com (Third Party Advisory)
- https://bugs.launchpad.net/qemu/+bug/1863025
  Bug #1863025 “Use-after-free after flush in TCG accelerator” : Bugs : QEMU (Issue Tracking)
- https://security.netapp.com/advisory/ntap-20231006-0012/
  CVE-2020-24165 QEMU Vulnerability in NetApp Products | NetApp Product Security (Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html
  [SECURITY] [DLA 3604-1] qemu security update (Mailing List; Third Party Advisory)