CVE-2021-20295 — Vulnetix

Try Vulnetix Request Demo

CVE-2021-20295 PUBLISHED CVSS 6.5 MEDIUM

It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756.

EPSS 0.15% · 35.3th percentile

Risk Scores

CVSS v3.1

6.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

EPSS Score

0.15%

35.3th percentile

Affected Products

Vendor	Product	Versions
qemu	qemu	0
n/a	QEMU	qemu-kvm 4.2.0-34

Timeline

Apr 1, 2022 CVE Published
Apr 2, 2022 EPSS Score
May 22, 2022 EPSS Score
Jul 11, 2022 EPSS Score
Aug 31, 2022 EPSS Score
Oct 20, 2022 EPSS Score
Dec 9, 2022 EPSS Score
Jan 28, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 19, 2023 EPSS Score
May 8, 2023 EPSS Score
Jun 27, 2023 EPSS Score

References

Open in Interactive Console →