Back

Compiler Optimization Removal or Modification of Security-Critical Code vulnerability in Bitdefender Hypervisor Introspection (VA-9339)

Publication date: December 17th, 2020

CVE ID:

CVE-2020-15294

CVSS scrore:

7.8 - https://www.first.org/cvss/calculator/3.0#CVSS:3.0/ACVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected vendors:

Bitdefender

Affected products:

Bitdefender Hypervisor Introspection

Vulnerability details:

Compiler Optimization Removal or Modification of Security-Critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution.

This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.

Additional details:

The issue has been fixed in Introcore 1.132.2.

Credit:

Ilja Van Sprundel from IOActive