// For flags

CVE-2020-15294

Compiler Optimization Removal or Modification of Security-Critical Code vulnerability in Bitdefender Hypervisor Introspection (VA-9339)

Severity Score

7.0
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.

Una vulnerabilidad de Eliminación de la Optimización del Compilador o Modificación de Código Crítico de Seguridad en la función IntPeParseUnwindData() resulta en múltiples desreferencias al mismo puntero. Si el puntero es encontrado en un mapa de memoria del espacio de invitado, esto puede causar una condición de carrera en la que el código generado derivaría la misma dirección dos veces, obteniendo así valores diferentes, lo que puede conllevar a una ejecución de código arbitraria. Este problema afecta: Bitdefender Hypervisor Introspection versiones anteriores a 1.132.2

*Credits: Ilja Van Sprundel from IOActive
CVSS Scores
Attack Vector
Local
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2020-06-25 CVE Reserved
  • 2020-12-17 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-09-16 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-733: Compiler Optimization Removal or Modification of Security-critical Code
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Bitdefender
Search vendor "Bitdefender"
 Hypervisor Introspection
Search vendor "Bitdefender" for product "Hypervisor Introspection"
 < 1.132.2
Search vendor "Bitdefender" for product "Hypervisor Introspection" and version " < 1.132.2"
-
Affected