Authentication bypass in QEMU

This security advisory describes one low-risk vulnerability.


1) Improper Verification of Cryptographic Signature


Severity: Low


CVSSv3: 3.9 [CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]


CVE-ID: CVE-2020-10702


CWE-ID: CWE-347 - Improper Verification of Cryptographic Signature


Exploit availability: No


Description

The vulnerability allows a local user to bypass authentication.


The vulnerability exists due to the use of a weak signature algorithm in /arm/pauth_helper.c, in the Pointer Authentication (PAuth) support for ARM. A local user can bypass PAuth and gain unauthorized access to resources on the system.


Mitigation

Install updates from the vendor's website.


Vulnerable software versions

QEMU: 4.0.0, 4.0.1, 4.1.0, 4.2.0


CPE
  • cpe:/a:qemu:qemu:4.2.0:

  • cpe:/a:qemu:qemu:4.0.1:

  • cpe:/a:qemu:qemu:4.1.0:

  • cpe:/a:qemu:qemu:4.0.0:

External links

  • https://usn.ubuntu.com/4372-1/

  • https://security-tracker.debian.org/tracker/CVE-2020-10702

  • https://bugs.launchpad.net/qemu/+bug/1859713