cvelistv5 - CVE-2020-15294

CVE-2020-15294 (GCVE-0-2020-15294)

Vulnerability from cvelistv5 – Published: 2020-12-17 16:50 – Updated: 2024-09-16 19:40

Summary

Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-733 - Compiler Optimization Removal or Modification of Security-critical Code

Assigner

Bitdefender

References

URL

Tags

https://www.bitdefender.com/support/security-advi…

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	Bitdefender	Hypervisor Introspection	Affected: unspecified , < 1.132.2 (custom)

Credits

Ilja Van Sprundel from IOActive

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T13:15:19.042Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Hypervisor Introspection",
          "vendor": "Bitdefender",
          "versions": [
            {
              "lessThan": "1.132.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Ilja Van Sprundel from IOActive"
        }
      ],
      "datePublic": "2020-12-17T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-733",
              "description": "CWE-733: Compiler Optimization Removal or Modification of Security-critical Code",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-12-17T16:50:18",
        "orgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
        "shortName": "Bitdefender"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/"
        }
      ],
      "solutions": [
        {
          "lang": "en",
          "value": "The issue has been fixed in Introcore 1.132.2."
        }
      ],
      "source": {
        "defect": [
          "VA-9339"
        ],
        "discovery": "EXTERNAL"
      },
      "title": "Compiler Optimization Removal or Modification of Security-Critical Code vulnerability in Bitdefender Hypervisor Introspection (VA-9339)",
      "x_generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-requests@bitdefender.com",
          "DATE_PUBLIC": "2020-12-17T19:00:00.000Z",
          "ID": "CVE-2020-15294",
          "STATE": "PUBLIC",
          "TITLE": "Compiler Optimization Removal or Modification of Security-Critical Code vulnerability in Bitdefender Hypervisor Introspection (VA-9339)"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Hypervisor Introspection",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "1.132.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bitdefender"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Ilja Van Sprundel from IOActive"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2."
            }
          ]
        },
        "generator": {
          "engine": "Vulnogram 0.0.9"
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-733: Compiler Optimization Removal or Modification of Security-critical Code"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/",
              "refsource": "MISC",
              "url": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/"
            }
          ]
        },
        "solution": [
          {
            "lang": "en",
            "value": "The issue has been fixed in Introcore 1.132.2."
          }
        ],
        "source": {
          "defect": [
            "VA-9339"
          ],
          "discovery": "EXTERNAL"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b3d5ebe7-963e-41fb-98e1-2edaeabb8f82",
    "assignerShortName": "Bitdefender",
    "cveId": "CVE-2020-15294",
    "datePublished": "2020-12-17T16:50:18.250326Z",
    "dateReserved": "2020-06-25T00:00:00",
    "dateUpdated": "2024-09-16T19:40:28.161Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:bitdefender:hypervisor_introspection:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.132.2\", \"matchCriteriaId\": \"DBE339FF-189B-407E-9801-E406DE2CCA17\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de Eliminaci\\u00f3n de la Optimizaci\\u00f3n del Compilador o Modificaci\\u00f3n de C\\u00f3digo Cr\\u00edtico de Seguridad en la funci\\u00f3n IntPeParseUnwindData() resulta en m\\u00faltiples desreferencias al mismo puntero. Si el puntero es encontrado en un mapa de memoria del espacio de invitado, esto puede causar una condici\\u00f3n de carrera en la que el c\\u00f3digo generado derivar\\u00eda la misma direcci\\u00f3n dos veces, obteniendo as\\u00ed valores diferentes, lo que puede conllevar a una ejecuci\\u00f3n de c\\u00f3digo arbitraria. Este problema afecta: Bitdefender Hypervisor Introspection versiones anteriores a 1.132.2\"}]",
      "id": "CVE-2020-15294",
      "lastModified": "2024-11-21T05:05:15.983",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"cve-requests@bitdefender.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.0, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.0, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.4, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-12-17T17:15:12.987",
      "references": "[{\"url\": \"https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/\", \"source\": \"cve-requests@bitdefender.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
      "sourceIdentifier": "cve-requests@bitdefender.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"cve-requests@bitdefender.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-733\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-15294\",\"sourceIdentifier\":\"cve-requests@bitdefender.com\",\"published\":\"2020-12-17T17:15:12.987\",\"lastModified\":\"2024-11-21T05:05:15.983\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de Eliminaci\u00f3n de la Optimizaci\u00f3n del Compilador o Modificaci\u00f3n de C\u00f3digo Cr\u00edtico de Seguridad en la funci\u00f3n IntPeParseUnwindData() resulta en m\u00faltiples desreferencias al mismo puntero. Si el puntero es encontrado en un mapa de memoria del espacio de invitado, esto puede causar una condici\u00f3n de carrera en la que el c\u00f3digo generado derivar\u00eda la misma direcci\u00f3n dos veces, obteniendo as\u00ed valores diferentes, lo que puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria. Este problema afecta: Bitdefender Hypervisor Introspection versiones anteriores a 1.132.2\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"cve-requests@bitdefender.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.0,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":4.4,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"cve-requests@bitdefender.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-733\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:bitdefender:hypervisor_introspection:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.132.2\",\"matchCriteriaId\":\"DBE339FF-189B-407E-9801-E406DE2CCA17\"}]}]}],\"references\":[{\"url\":\"https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/\",\"source\":\"cve-requests@bitdefender.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]}]}}"
  }
}

FKIE_CVE-2020-15294

Vulnerability from fkie_nvd - Published: 2020-12-17 17:15 - Updated: 2024-11-21 05:05

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.0 (High) - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

	URL	Tags
	cve-requests@bitdefender.com	https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/	Third Party Advisory
	af854a3a-2127-422b-91ae-364da2661108	https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/	Third Party Advisory

Impacted products

	Vendor	Product	Version
	bitdefender	hypervisor_introspection	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:bitdefender:hypervisor_introspection:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBE339FF-189B-407E-9801-E406DE2CCA17",
              "versionEndExcluding": "1.132.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2."
    },
    {
      "lang": "es",
      "value": "Una vulnerabilidad de Eliminaci\u00f3n de la Optimizaci\u00f3n del Compilador o Modificaci\u00f3n de C\u00f3digo Cr\u00edtico de Seguridad en la funci\u00f3n IntPeParseUnwindData() resulta en m\u00faltiples desreferencias al mismo puntero. Si el puntero es encontrado en un mapa de memoria del espacio de invitado, esto puede causar una condici\u00f3n de carrera en la que el c\u00f3digo generado derivar\u00eda la misma direcci\u00f3n dos veces, obteniendo as\u00ed valores diferentes, lo que puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitraria. Este problema afecta: Bitdefender Hypervisor Introspection versiones anteriores a 1.132.2"
    }
  ],
  "id": "CVE-2020-15294",
  "lastModified": "2024-11-21T05:05:15.983",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "cve-requests@bitdefender.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.0,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.0,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-12-17T17:15:12.987",
  "references": [
    {
      "source": "cve-requests@bitdefender.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/"
    }
  ],
  "sourceIdentifier": "cve-requests@bitdefender.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-733"
        }
      ],
      "source": "cve-requests@bitdefender.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-MQRH-3J77-M2CW

Vulnerability from github – Published: 2022-05-24 17:36 – Updated: 2022-05-24 17:36

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-15294"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-12-17T17:15:00Z",
    "severity": "HIGH"
  },
  "details": "Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.",
  "id": "GHSA-mqrh-3j77-m2cw",
  "modified": "2022-05-24T17:36:44Z",
  "published": "2022-05-24T17:36:44Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15294"
    },
    {
      "type": "WEB",
      "url": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-15294

Vulnerability from gsd - Updated: 2023-12-13 01:21

Details

Aliases

CVE-2020-15294

Aliases

CVE-2020-15294

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-15294",
    "description": "Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.",
    "id": "GSD-2020-15294"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-15294"
      ],
      "details": "Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.",
      "id": "GSD-2020-15294",
      "modified": "2023-12-13T01:21:43.864158Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve-requests@bitdefender.com",
        "DATE_PUBLIC": "2020-12-17T19:00:00.000Z",
        "ID": "CVE-2020-15294",
        "STATE": "PUBLIC",
        "TITLE": "Compiler Optimization Removal or Modification of Security-Critical Code vulnerability in Bitdefender Hypervisor Introspection (VA-9339)"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Hypervisor Introspection",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "1.132.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Bitdefender"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "Ilja Van Sprundel from IOActive"
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-733: Compiler Optimization Removal or Modification of Security-critical Code"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/",
            "refsource": "MISC",
            "url": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/"
          }
        ]
      },
      "solution": [
        {
          "lang": "eng",
          "value": "The issue has been fixed in Introcore 1.132.2."
        }
      ],
      "source": {
        "defect": [
          "VA-9339"
        ],
        "discovery": "EXTERNAL"
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:bitdefender:hypervisor_introspection:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "1.132.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve-requests@bitdefender.com",
          "ID": "CVE-2020-15294"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/",
              "refsource": "MISC",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.0,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.0,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-12-22T20:41Z",
      "publishedDate": "2020-12-17T17:15Z"
    }
  }
}

CNVD-2021-03037

Vulnerability from cnvd - Published: 2021-01-14

Title

Bitdefender Hypervisor Introspection代码执行漏洞

Description

Bidefender Hypervisor Introspection（HVI）是罗马尼亚Bidefender公司的一款处于Hypervisor层利用Xen和KVM虚拟机管理程序中的虚拟机自检API来检查运行中的虚拟机内存安全的软件。该软件通过虚拟化内存管理单元（MMU）的扩展页表（EPT）级别来阻止异常内存内的代码执行，通过应用安全逻辑，HVI搜索攻击技术，例如缓冲区溢出，堆喷射和代码注入，以在攻击者获得目标系统的立足点之前检测并阻止恶意活动。 Bitdefender Hypervisor Introspection 1.132.2之前版本存在代码执行漏洞，该漏洞源于IntPeParseUnwindData()中的编译器优化删除或修改安全关键代码漏洞会导致对同一指针的多次解引用。这可能导致任意代码执行。目前没有详细漏洞细节提供。

Severity

中

Patch Name

Bitdefender Hypervisor Introspection代码执行漏洞的补丁

Patch Description

Formal description

厂商已发布了漏洞修复程序，请及时关注更新：https://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-15294

Impacted products

Name
Bitdefender Bitdefender Hypervisor Introspection <1.132.2

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-15294",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-15294"
    }
  },
  "description": "Bidefender Hypervisor Introspection\uff08HVI\uff09\u662f\u7f57\u9a6c\u5c3c\u4e9aBidefender\u516c\u53f8\u7684\u4e00\u6b3e\u5904\u4e8eHypervisor\u5c42\u5229\u7528Xen\u548cKVM\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e2d\u7684\u865a\u62df\u673a\u81ea\u68c0API\u6765\u68c0\u67e5\u8fd0\u884c\u4e2d\u7684\u865a\u62df\u673a\u5185\u5b58\u5b89\u5168\u7684\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u901a\u8fc7\u865a\u62df\u5316\u5185\u5b58\u7ba1\u7406\u5355\u5143\uff08MMU\uff09\u7684\u6269\u5c55\u9875\u8868\uff08EPT\uff09\u7ea7\u522b\u6765\u963b\u6b62\u5f02\u5e38\u5185\u5b58\u5185\u7684\u4ee3\u7801\u6267\u884c\uff0c\u901a\u8fc7\u5e94\u7528\u5b89\u5168\u903b\u8f91\uff0cHVI\u641c\u7d22\u653b\u51fb\u6280\u672f\uff0c\u4f8b\u5982\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u5806\u55b7\u5c04\u548c\u4ee3\u7801\u6ce8\u5165\uff0c\u4ee5\u5728\u653b\u51fb\u8005\u83b7\u5f97\u76ee\u6807\u7cfb\u7edf\u7684\u7acb\u8db3\u70b9\u4e4b\u524d\u68c0\u6d4b\u5e76\u963b\u6b62\u6076\u610f\u6d3b\u52a8\u3002\n\nBitdefender Hypervisor Introspection 1.132.2\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eIntPeParseUnwindData()\u4e2d\u7684\u7f16\u8bd1\u5668\u4f18\u5316\u5220\u9664\u6216\u4fee\u6539\u5b89\u5168\u5173\u952e\u4ee3\u7801\u6f0f\u6d1e\u4f1a\u5bfc\u81f4\u5bf9\u540c\u4e00\u6307\u9488\u7684\u591a\u6b21\u89e3\u5f15\u7528\u3002\u8fd9\u53ef\u80fd\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1ahttps://www.bitdefender.com/support/security-advisories/compiler-optimization-removal-modification-security-critical-code-vulnerability-bitdefender-hypervisor-introspection-va-9339/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-03037",
  "openTime": "2021-01-14",
  "patchDescription": "Bidefender Hypervisor Introspection\uff08HVI\uff09\u662f\u7f57\u9a6c\u5c3c\u4e9aBidefender\u516c\u53f8\u7684\u4e00\u6b3e\u5904\u4e8eHypervisor\u5c42\u5229\u7528Xen\u548cKVM\u865a\u62df\u673a\u7ba1\u7406\u7a0b\u5e8f\u4e2d\u7684\u865a\u62df\u673a\u81ea\u68c0API\u6765\u68c0\u67e5\u8fd0\u884c\u4e2d\u7684\u865a\u62df\u673a\u5185\u5b58\u5b89\u5168\u7684\u8f6f\u4ef6\u3002\u8be5\u8f6f\u4ef6\u901a\u8fc7\u865a\u62df\u5316\u5185\u5b58\u7ba1\u7406\u5355\u5143\uff08MMU\uff09\u7684\u6269\u5c55\u9875\u8868\uff08EPT\uff09\u7ea7\u522b\u6765\u963b\u6b62\u5f02\u5e38\u5185\u5b58\u5185\u7684\u4ee3\u7801\u6267\u884c\uff0c\u901a\u8fc7\u5e94\u7528\u5b89\u5168\u903b\u8f91\uff0cHVI\u641c\u7d22\u653b\u51fb\u6280\u672f\uff0c\u4f8b\u5982\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u5806\u55b7\u5c04\u548c\u4ee3\u7801\u6ce8\u5165\uff0c\u4ee5\u5728\u653b\u51fb\u8005\u83b7\u5f97\u76ee\u6807\u7cfb\u7edf\u7684\u7acb\u8db3\u70b9\u4e4b\u524d\u68c0\u6d4b\u5e76\u963b\u6b62\u6076\u610f\u6d3b\u52a8\u3002\r\n\r\nBitdefender Hypervisor Introspection 1.132.2\u4e4b\u524d\u7248\u672c\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eIntPeParseUnwindData()\u4e2d\u7684\u7f16\u8bd1\u5668\u4f18\u5316\u5220\u9664\u6216\u4fee\u6539\u5b89\u5168\u5173\u952e\u4ee3\u7801\u6f0f\u6d1e\u4f1a\u5bfc\u81f4\u5bf9\u540c\u4e00\u6307\u9488\u7684\u591a\u6b21\u89e3\u5f15\u7528\u3002\u8fd9\u53ef\u80fd\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Bitdefender Hypervisor Introspection\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Bitdefender Bitdefender Hypervisor Introspection \u003c1.132.2"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-15294",
  "serverity": "\u4e2d",
  "submitTime": "2020-12-18",
  "title": "Bitdefender Hypervisor Introspection\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-15294 (GCVE-0-2020-15294)

FKIE_CVE-2020-15294

GHSA-MQRH-3J77-M2CW

GSD-2020-15294

CNVD-2021-03037

Tags

Sightings

Nomenclature