CVE-2020-24165

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2020-24165
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.0 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://bugs.launchpad.net/qemu/+bug/1863025 Issue Tracking
https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html Mailing List Third Party Advisory
https://pastebin.com/iqCbjdT8 Third Party Advisory
https://security.netapp.com/advisory/ntap-20231006-0012/ Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:qemu:qemu:4.2.0:-:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
History

14 May 2024, 21:15

Type Values Removed Values Added
Summary (en) An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). (en) An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties.

13 Oct 2023, 01:17

Type Values Removed Values Added
References (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html - (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html - Mailing List, Third Party Advisory
References (CONFIRM) https://security.netapp.com/advisory/ntap-20231006-0012/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20231006-0012/ - Third Party Advisory
First Time Debian debian Linux
Debian
CPE cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

06 Oct 2023, 15:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20231006-0012/ -

05 Oct 2023, 18:15

Type Values Removed Values Added
References
  • (MLIST) https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html -

01 Sep 2023, 15:06

Type Values Removed Values Added
References (MISC) https://bugs.launchpad.net/qemu/+bug/1863025 - (MISC) https://bugs.launchpad.net/qemu/+bug/1863025 - Issue Tracking
References (MISC) https://pastebin.com/iqCbjdT8 - (MISC) https://pastebin.com/iqCbjdT8 - Third Party Advisory
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
First Time Qemu
Qemu qemu
CPE cpe:2.3:a:qemu:qemu:4.2.0:-:*:*:*:*:*:*
CWE NVD-CWE-noinfo

28 Aug 2023, 21:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-08-28 21:15

Updated : 2024-08-04 15:16

NVD link : CVE-2020-24165

Mitre link : CVE-2020-24165

CVE.ORG link : CVE-2020-24165

JSON object : View

Products Affected

debian

  • debian_linux

qemu

  • qemu
CWE
NVD-CWE-noinfo

NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024