Main Vulnerability Database SB2020052504

SB2020052504 - Authentication bypass in QEMU

Published: May 25, 2020

Security Bulletin ID SB2020052504

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Local access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2020-10702)

The vulnerability allows a local user to bypass authentication.

The vulnerability exists due to usage of a weak signature algorithm within the /arm/pauth_helper.c in Pointer Authentication support for ARM. A local user can bypass PAuth and gain unauthorized access to resources on the system.

Remediation

Install update from vendor's website.

References

https://usn.ubuntu.com/4372-1/
https://security-tracker.debian.org/tracker/CVE-2020-10702
https://bugs.launchpad.net/qemu/+bug/1859713
https://git.qemu.org/?p=qemu.git;a=commit;h=de0b1bae6461f67243282555475f88b2384a1eb9