VDB
CVE-2020-24165
CVE-2020-24165
PUBLISHED
An issue was discovered in TCG Accelerator in QEMU 4.2.0, allows local attackers to execute arbitrary code, escalate privileges, and cause a denial of service (DoS). Note: This is disputed as a bug and not a valid security issue by multiple third parties.
EPSS 0.43% · 62.9th percentile
Risk Scores
EPSS Score
0.43%
62.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | qemu | 0, 1:4.0+dfsg-0ubuntu9, 1:4.0+dfsg-0ubuntu10 |
Timeline
- Aug 28, 2023 CVE Published
- Aug 29, 2023 EPSS Score
- Oct 1, 2023 EPSS Score
- Oct 5, 2023 PoC Published
- Nov 3, 2023 EPSS Score
- Dec 6, 2023 EPSS Score
- Jan 8, 2024 EPSS Score
- Feb 10, 2024 EPSS Score
- Mar 14, 2024 EPSS Score
- Apr 16, 2024 EPSS Score
- May 18, 2024 EPSS Score
- Jun 20, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-24165 third-party-advisory
- https://pastebin.com/iqCbjdT8 third-party-advisory
- https://ubuntu.com/security/notices/USN-6567-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-24165 third-party-advisory