Pointer Authentication Flaw in QEMU ARM Implementation
CVE-2020-10702

5.5MEDIUM

Key Information:

Vendor

The Qemu Project

Status
Qemu
Vendor
CVE Published:
4 June 2020

What is CVE-2020-10702?

A significant flaw has been identified in QEMU's implementation of Pointer Authentication (PAuth) support for ARM, introduced in version 4.0 and subsequently resolved in version 5.0.0. In this case, a failure in the signature generation process leads to all PAuth-enforced pointers being signed with the same signature. This allows a local attacker to retrieve the signature of a protected pointer and exploit this vulnerability to bypass the PAuth protection mechanisms for any programs running within the QEMU environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

qemu >= 4.0.0, < 5.0.0

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-10702
x_refsource_CONFIRM
https://git.qemu.org/?p=qemu.git%3Ba=commit%3Bh=de0b1bae6...
x_refsource_CONFIRM
https://security.netapp.com/advisory/ntap-20200724-0007/
x_refsource_CONFIRM

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.