CVE-2020-7467

Description


In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped.

CvssV3 impact


BaseSeverity

HIGH

ConfidentialityImpact

HIGH

AttackComplexity

LOW

Scope

CHANGED

AttackVector

PHYSICAL

AvailabilityImpact

HIGH

IntegrityImpact

HIGH

PrivilegesRequired

NONE

BaseScore

7.6

VectorString

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Version

3.1

UserInteraction

NONE

CvssV2 impact


AccessComplexity

LOW

ConfidentialityImpact

COMPLETE

AvailabilityImpact

COMPLETE

IntegrityImpact

COMPLETE

BaseScore

7.2

VectorString

AV:L/AC:L/Au:N/C:C/I:C/A:C

Version

2.0

AccessVector

LOCAL

Authentication

NONE