Details of VAR-202111-1207

ID

VAR-202111-1207

CVE

CVE-2021-0180

TITLE

Intel(R) HAXM Resource Exhaustion Vulnerability in Software

Trust: 0.8

sources: JVNDB: JVNDB-2021-015269

DESCRIPTION

Uncontrolled resource consumption in the Intel(R) HAXM software before version 7.6.6 may allow an unauthenticated user to potentially enable privilege escalation via local access. Intel(R) HAXM The software has a resource exhaustion vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Intel Hardware Accelerated Execution Manager (Intel Haxm) is a hardware-assisted virtualization engine (hypervisor) from Intel Corporation that can use Intel Virtualization Technology (Vt) to speed up Android* development. There is a security vulnerability in Intel Hardware Accelerated Execution Manager, which is caused by a configuration error in the network system or product during operation. An unauthorized attacker could exploit the vulnerability to obtain sensitive information of the affected components. Intel is releasing software updates to mitigate these potential vulnerabilities

Trust: 1.8

sources: NVD: CVE-2021-0180 // JVNDB: JVNDB-2021-015269 // VULHUB: VHN-371749 // VULMON: CVE-2021-0180

AFFECTED PRODUCTS

vendor:	intel	model:	hardware accelerated execution manager	scope:	lt	version:	7.6.6	Trust: 1.0
vendor:	インテル	model:	intel hardware accelerated execution manager	scope:	eq	version:	7.6.6	Trust: 0.8
vendor:	インテル	model:	intel hardware accelerated execution manager	scope:	eq	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-015269 // NVD: CVE-2021-0180

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-0180
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-0180
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202110-934
value:	HIGH
Trust: 0.6
VULHUB:	VHN-371749
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-0180
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-371749
severity:	MEDIUM
baseScore:	4.6
vectorString:	AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	3.9
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-0180
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.5
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-0180
baseSeverity:	HIGH
baseScore:	8.4
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-371749 // JVNDB: JVNDB-2021-015269 // CNNVD: CNNVD-202110-934 // NVD: CVE-2021-0180

PROBLEMTYPE DATA

problemtype:	CWE-400	Trust: 1.1
problemtype:	Resource exhaustion (CWE-400) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-371749 // JVNDB: JVNDB-2021-015269 // NVD: CVE-2021-0180

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202110-934

TYPE

resource management error

Trust: 0.6

sources: CNNVD: CNNVD-202110-934

PATCH

title:	INTEL-SA-00544	url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00544.html	Trust: 0.8
title:	Intel HAXM Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=170921	Trust: 0.6

sources: JVNDB: JVNDB-2021-015269 // CNNVD: CNNVD-202110-934

EXTERNAL IDS

db:	NVD	id:	CVE-2021-0180	Trust: 3.4
db:	JVN	id:	JVNVU92532697	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-015269	Trust: 0.8
db:	CNNVD	id:	CNNVD-202110-934	Trust: 0.7
db:	AUSCERT	id:	ESB-2021.3370	Trust: 0.6
db:	CS-HELP	id:	SB2021101314	Trust: 0.6
db:	VULHUB	id:	VHN-371749	Trust: 0.1
db:	VULMON	id:	CVE-2021-0180	Trust: 0.1

sources: VULHUB: VHN-371749 // VULMON: CVE-2021-0180 // JVNDB: JVNDB-2021-015269 // CNNVD: CNNVD-202110-934 // NVD: CVE-2021-0180

REFERENCES

url:	https://www.intel.com/content/www/us/en/security-center/advisory/intel-sa-00544.html	Trust: 1.8
url:	https://nvd.nist.gov/vuln/detail/cve-2021-0180	Trust: 1.4
url:	https://jvn.jp/vu/jvnvu92532697/	Trust: 0.8
url:	https://www.auscert.org.au/bulletins/esb-2021.3370	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021101314	Trust: 0.6

sources: VULHUB: VHN-371749 // VULMON: CVE-2021-0180 // JVNDB: JVNDB-2021-015269 // CNNVD: CNNVD-202110-934 // NVD: CVE-2021-0180

SOURCES

db:	VULHUB	id:	VHN-371749
db:	VULMON	id:	CVE-2021-0180
db:	JVNDB	id:	JVNDB-2021-015269
db:	CNNVD	id:	CNNVD-202110-934
db:	NVD	id:	CVE-2021-0180

LAST UPDATE DATE

2024-08-14T14:31:30.867000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-371749	date:	2021-11-22T00:00:00
db:	JVNDB	id:	JVNDB-2021-015269	date:	2022-11-15T02:03:00
db:	CNNVD	id:	CNNVD-202110-934	date:	2021-11-24T00:00:00
db:	NVD	id:	CVE-2021-0180	date:	2021-11-22T19:46:02.383

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-371749	date:	2021-11-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-015269	date:	2022-11-15T00:00:00
db:	CNNVD	id:	CNNVD-202110-934	date:	2021-10-13T00:00:00
db:	NVD	id:	CVE-2021-0180	date:	2021-11-17T20:15:09.457