SB2020081904 - Multiple vulnerabilities in Parallels Desktop

Security Bulletin ID SB2020081904

CSH Severity

Low

Patch available

YES

Number of vulnerabilities 11

Exploitation vector Local access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 11 vulnerabilities.

1) Incorrect permission assignment for critical resource (CVE-ID: CVE-2020-17402)

CWE-ID: CWE-732 - Incorrect Permission Assignment for Critical Resource

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists due to an error within the prl_hypervisor kext. A local user can view contents of a log file and gain access to sensitive information.

2) Out-of-bounds read (CVE-ID: CVE-2020-17401)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the VGA virtual device. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.

3) Out-of-bounds read (CVE-ID: CVE-2020-17400)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote attacker to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the prl_hypervisor kext. A local user to run a specially crafted program to trigger out-of-bounds read error and execute arbitrary code in the context of the hypervisor.

4) Out-of-bounds write (CVE-ID: CVE-2020-17399)

CWE-ID: CWE-787 - Out-of-bounds write

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error when processing untrusted input within the prl_hypervisor kext. A local user can run a specially crafted program to trigger out-of-bounds write and execute arbitrary code in the context of the kernel.

5) Out-of-bounds read (CVE-ID: CVE-2020-17398)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the prl_hypervisor kext. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.

6) Out-of-bounds read (CVE-ID: CVE-2020-17397)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary condition within the handling of network packets. A local user can run a specially crafted application to trigger out-of-bounds read error and in the context of the hypervisor.

7) Integer overflow (CVE-ID: CVE-2020-17396)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer overflow within the prl_hypervisor module. A local user can run a specially crafted program to trigger integer overflow and execute arbitrary code in the context of the kernel.

8) Integer underflow (CVE-ID: CVE-2020-17395)

CWE-ID: CWE-191 - Integer underflow

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to integer underflow within the prl_naptd process. A local user can run a specially crafted program to trigger integer underflow and execute arbitrary code in the context of the hypervisor.

9) Out-of-bounds read (CVE-ID: CVE-2020-17394)

CWE-ID: CWE-125 - Out-of-bounds read

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:H/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the OEMNet component. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.

10) Untrusted Pointer Dereference (CVE-ID: CVE-2020-17392)

CWE-ID: CWE-822 - Untrusted Pointer Dereference

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to untrusted pointer dereference error when handling HOST_IOCTL_SET_KERNEL_SYMBOLS in the prl_hypervisor kext. A local user to can run a specially crafted program to trigger pointer dereference and execute arbitrary code on the system in the context of the kernel.

11) Information disclosure (CVE-ID: CVE-2020-17391)

CWE-ID: CWE-200 - Exposure of sensitive information to an unauthorized actor

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to an error in handling the HOST_IOCTL_INIT_HYPERVISOR in the prl_hypervisor kext. A local user can gain unauthorized access to sensitive information on the system.

Remediation

Install update from vendor's website.

SB2020081904 - Multiple vulnerabilities in Parallels Desktop

Breakdown by Severity

Description

Remediation

References

Please verify you're human