CVE-2020-10702
Summary
| CVE | CVE-2020-10702 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2020-06-04 18:15:00 UTC |
| Updated | 2023-11-07 03:14:00 UTC |
| Description | A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU. |
Risk And Classification
Problem Types: NVD-CWE-Other
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| git.qemu.org Git - qemu.git/commit | git.qemu.org | ||
| 1809948 – (CVE-2020-10702) CVE-2020-10702 qemu: weak signature generation in Pointer Authentication support for ARM | CONFIRM | bugzilla.redhat.com | Issue Tracking, Third Party Advisory |
| CVE-2020-10702 QEMU Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com | |
| git.qemu.org Git - qemu.git/commit | CONFIRM | git.qemu.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.