First published: Thu Dec 17 2020(Updated: )
Lack of validation on data read from guest memory in IntPeGetDirectory, IntPeParseUnwindData, IntLogExceptionRecord, IntKsymExpandSymbol and IntLixTaskDumpTree may lead to out-of-bounds read or it could cause DoS due to integer-overflor (IntPeGetDirectory), TOCTOU (IntPeParseUnwindData) or insufficient validations.
Credit: cve-requests@bitdefender.com
Affected Software | Affected Version | How to fix |
---|---|---|
Bitdefender Hypervisor Introspection | <1.132.2 |
The issue has been fixed in Introcore 1.132.2.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2020-15292 is a vulnerability that allows for lack of validation on data read from guest memory in Bitdefender Hypervisor Introspection.
The severity of CVE-2020-15292 is medium (5.5).
Bitdefender Hypervisor Introspection up to version 1.132.2 is affected by CVE-2020-15292.
This vulnerability can be exploited by reading data from guest memory without proper validation, leading to out-of-bounds reads or denial of service attacks.
Yes, Bitdefender has released a fix for this vulnerability. It is recommended to update to version 1.132.2 or later of Bitdefender Hypervisor Introspection.