Compiler Optimization Removal or Modification of Security-critical Code

CVE-2020-15294

High

7.8/10

Summary

Compiler Optimization Removal or Modification of Security-critical Code vulnerability in IntPeParseUnwindData() results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution. This issue affects: Bitdefender Hypervisor Introspection versions prior to 1.132.2.

Attack Complexity: LOW
Attack Vector: LOCAL
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: LOW
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-733 - Compiler Optimization Removal or Modification of Security-critical Code

The developer builds a security-critical protection mechanism into the software, but the compiler optimizes the program such that the mechanism is removed or modified.

References

Advisory Timeline

Published Dec 17, 2020

Compiler Optimization Removal or Modification of Security-critical Code

CVE-2020-15294

Summary

CWE-733 - Compiler Optimization Removal or Modification of Security-critical Code

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS