Sign-up

ID

VAR-202008-0329


CVE

CVE-2020-15687


TITLE

ACRN Project Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2020-010570

DESCRIPTION

Missing access control restrictions in the Hypervisor component of the ACRN Project (v2.0 and v1.6.1) allow a malicious entity, with root access in the Service VM userspace, to abuse the PCIe assign/de-assign Hypercalls via crafted ioctls and payloads. This attack results in a corrupt state and Denial of Service (DoS) for previously assigned PCIe devices to the Service VM at runtime. ACRN Project There is an unspecified vulnerability in.Service operation interruption (DoS) It may be put into a state. ACRN is an open source virtual machine monitor for the Internet of Things. A security vulnerability exists in the Hypervisor component of the ACRN project

Trust: 2.16

sources: NVD: CVE-2020-15687 // JVNDB: JVNDB-2020-010570 // CNNVD: CNNVD-202008-1462

AFFECTED PRODUCTS

vendor:linuxfoundationmodel:acrnscope:eqversion:1.6.1

Trust: 1.0

vendor:linuxfoundationmodel:acrnscope:eqversion:2.0

Trust: 1.0

vendor:acrnmodel:project acrn embedded hypervisorscope:eqversion:1.6.1

Trust: 0.8

vendor:acrnmodel:project acrn embedded hypervisorscope:eqversion:2.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-010570 // NVD: CVE-2020-15687

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2020-15687
value: HIGH

Trust: 1.0

NVD: JVNDB-2020-010570
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202008-1462
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2020-15687
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2020-010570
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2020-15687
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2020-010570
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2020-010570 // CNNVD: CNNVD-202008-1462 // NVD: CVE-2020-15687

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

problemtype:CWE-Other

Trust: 0.8

sources: JVNDB: JVNDB-2020-010570 // NVD: CVE-2020-15687

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202008-1462

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202008-1462

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2020-010570

PATCH
title:Security Advisoryurl:https://projectacrn.github.io/2.1/asa.html#addressed-in-acrn-v2-1
Trust: 0.8
title:Hypervisor Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=127966
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-010570 // 
            
            
            
            CNNVD: CNNVD-202008-1462

EXTERNAL IDS
db:NVDid:CVE-2020-15687
Trust: 2.4
db:JVNDBid:JVNDB-2020-010570
Trust: 0.8
db:CNNVDid:CNNVD-202008-1462
Trust: 0.6
sources:
            
            
            JVNDB: JVNDB-2020-010570 // 
            
            
            
            CNNVD: CNNVD-202008-1462 // 
            
            
            
            NVD: CVE-2020-15687

REFERENCES
url:https://projectacrn.github.io/2.1/asa.html#addressed-in-acrn-v2-1
Trust: 1.6
url:https://projectacrn.github.io/latest/developer-guides/hld/split-dm.html
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2020-15687
Trust: 1.4
url:https://projectacrn.github.io/latest/
Trust: 1.0
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2020-15687
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2020-010570 // 
            
            
            
            CNNVD: CNNVD-202008-1462 // 
            
            
            
            NVD: CVE-2020-15687

SOURCES
db:JVNDBid:JVNDB-2020-010570
db:CNNVDid:CNNVD-202008-1462
db:NVDid:CVE-2020-15687

LAST UPDATE DATE
2024-11-23T21:35:24.453000+00:00

SOURCES UPDATE DATE
db:JVNDBid:JVNDB-2020-010570date:2021-01-28T02:39:59
db:CNNVDid:CNNVD-202008-1462date:2020-09-14T00:00:00
db:NVDid:CVE-2020-15687date:2024-11-21T05:06:00.930

SOURCES RELEASE DATE
db:JVNDBid:JVNDB-2020-010570date:2021-01-28T02:39:59
db:CNNVDid:CNNVD-202008-1462date:2020-08-31T00:00:00
db:NVDid:CVE-2020-15687date:2020-08-31T16:15:14.897