Vulnerability Description
Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitdefender | Hypervisor Introspection | < 1.132.2 |
Related Weaknesses (CWE)
References
- https://www.bitdefender.com/support/security-advisories/compiler-optimization-reThird Party Advisory
- https://www.bitdefender.com/support/security-advisories/compiler-optimization-reThird Party Advisory
FAQ
What is CVE-2020-15294?
CVE-2020-15294 is a vulnerability with a CVSS score of 7.8 (HIGH). Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memor...
How severe is CVE-2020-15294?
CVE-2020-15294 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-15294?
Check the references section above for vendor advisories and patch information. Affected products include: Bitdefender Hypervisor Introspection.