Compiler Optimization Removal or Modification of Security-Critical Code vulnerability in Bitdefender Hypervisor Introspection (VA-9339)
CVE-2020-15294

7.8HIGH

Key Information:

Vendor: Bitdefender
Status: Hypervisor Introspection
Vendor: CVE Published:; 17 December 2020

🔔 Create Bitdefender Vulnerability Alert

What is CVE-2020-15294?

Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.

Affected Version(s)

Hypervisor Introspection < 1.132.2

References

https://www.bitdefender.com/support/security-advisories/c...

x_refsource_MISC

CVSS V3.1

Score:

7.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 17, 2020
Vulnerability Reserved
Jun 25, 2020

Credit

Ilja Van Sprundel from IOActive