{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-24165", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-04T15:05:11.905Z", "dateReserved": "2020-08-13T00:00:00", "datePublished": "2023-08-28T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-05-14T20:27:42.455290"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties."}], "tags": ["disputed"], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://bugs.launchpad.net/qemu/+bug/1863025"}, {"url": "https://pastebin.com/iqCbjdT8"}, {"name": "[debian-lts-announce] 20231005 [SECURITY] [DLA 3604-1] qemu security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"}, {"url": "https://security.netapp.com/advisory/ntap-20231006-0012/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T15:05:11.905Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugs.launchpad.net/qemu/+bug/1863025", "tags": ["x_transferred"]}, {"url": "https://pastebin.com/iqCbjdT8", "tags": ["x_transferred"]}, {"name": "[debian-lts-announce] 20231005 [SECURITY] [DLA 3604-1] qemu security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"}, {"url": "https://security.netapp.com/advisory/ntap-20231006-0012/", "tags": ["x_transferred"]}]}]}, "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:qemu:qemu:4.2.0:-:*:*:*:*:*:*", "matchCriteriaId": "CDE16B6A-E20D-4EA2-998A-41752B95EB14", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [{"sourceIdentifier": "cve@mitre.org", "tags": ["disputed"]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties."}], "id": "CVE-2020-24165", "lastModified": "2024-11-21T05:14:27.710", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-28T21:15:07.510", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugs.launchpad.net/qemu/+bug/1863025"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://pastebin.com/iqCbjdT8"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20231006-0012/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://bugs.launchpad.net/qemu/+bug/1863025"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2023/10/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://pastebin.com/iqCbjdT8"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20231006-0012/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "QEMU: use-after-free in TCG accelerator can lead to local privilege escalation", "id": "2235745", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235745"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.4", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-416", "details": ["An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties.", "A use-after-free vulnerability was found in the Tiny Code Generator (TCG) Accelerator in QEMU, where the TCG generated code can be in the same memory as the TB data structure. This flaw allows attackers to overwrite the UAF pointer with code produced from TCG and rewrite key pointer values, possibly leading to local privilege escalation and enabling code execution on the host outside of the TCG sandbox."], "name": "CVE-2020-24165", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "qemu-kvm-ma", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "virt:rhel/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:advanced_virtualization:8::el8", "fix_state": "Not affected", "package_name": "virt:av/qemu-kvm", "product_name": "Red Hat Enterprise Linux 8 Advanced Virtualization"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "qemu-kvm", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2023-08-28T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-24165\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-24165\nhttps://bugs.launchpad.net/qemu/+bug/1863025"], "statement": "RHEL/QEMU is neither built with TCG Accelerator, nor any layered products that use it.\nBugs affecting the Tiny Code Generator (TCG) cannot be considered as security issues in QEMU as per https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case.", "threat_severity": "Important", "upstream_fix": "qemu 5.0.0-rc0"}