CVE-2020-7467

Description

In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped.

Related CPE's

o freebsd freebsd 11.3 -******

o freebsd freebsd 11.3 p1 ******

o freebsd freebsd 11.3 p10 ******

o freebsd freebsd 11.3 p11 ******

o freebsd freebsd 11.3 p12 ******

o freebsd freebsd 11.3 p13 ******

o freebsd freebsd 11.3 p2 ******

o freebsd freebsd 11.3 p3 ******

o freebsd freebsd 11.3 p4 ******

o freebsd freebsd 11.3 p5 ******

References

https://security.FreeBSD.org/advisories/FreeBSD-SA-20:29.bhyve_svm.asc

Vendor Advisory

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	HIGH
AttackComplexity	LOW
Scope	CHANGED
AttackVector	PHYSICAL
AvailabilityImpact	HIGH
IntegrityImpact	HIGH
PrivilegesRequired	NONE
BaseScore	7.6
VectorString	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	COMPLETE
AvailabilityImpact	COMPLETE
IntegrityImpact	COMPLETE
BaseScore	7.2
VectorString	AV:L/AC:L/Au:N/C:C/I:C/A:C
Version	2.0
AccessVector	LOCAL
Authentication	NONE