{
  "threat_severity" : "Low",
  "public_date" : "2020-04-02T00:00:00Z",
  "bugzilla" : {
    "description" : "qemu: weak signature generation in Pointer Authentication support for ARM",
    "id" : "1809948",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1809948"
  },
  "cvss3" : {
    "cvss3_base_score" : "5.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-325",
  "details" : [ "A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU.", "A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU." ],
  "statement" : "Several packages are unaffected because they do not include support for Pointer Authentication. These include:\n* `qemu-kvm-ma` as shipped with Red Hat Enterprise Linux for ARM 64 7\n* `qemu-kvm` as shipped with Red Hat Enterprise Linux 6, 7 and 8\n* `qemu-kvm-rhev` as shipped with Red Hat OpenStack Platform 10 and 13",
  "acknowledgement" : "Red Hat would like to thank Xingman Chen and Yuan Li (NISL, Tsinghua University) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Advanced Virtualization for RHEL 8.2.1",
    "release_date" : "2020-07-28T00:00:00Z",
    "advisory" : "RHBA-2020:3172",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8.2::el8",
    "package" : "virt:8.2-8020120200707202843.11e3e113"
  }, {
    "product_name" : "Advanced Virtualization for RHEL 8.2.1",
    "release_date" : "2020-07-28T00:00:00Z",
    "advisory" : "RHBA-2020:3172",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8.2::el8",
    "package" : "virt-devel:8.2-8020120200707202843.11e3e113"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Not affected",
    "package_name" : "xen",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm-ma",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "virt:rhel/qemu-kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8 Advanced Virtualization",
    "fix_state" : "Affected",
    "package_name" : "virt:8.1/qemu-kvm",
    "cpe" : "cpe:/a:redhat:advanced_virtualization:8::el8"
  }, {
    "product_name" : "Red Hat OpenStack Platform 10 (Newton)",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:10"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Not affected",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 14 (Rocky)",
    "fix_state" : "Out of support scope",
    "package_name" : "qemu-kvm-rhev",
    "cpe" : "cpe:/a:redhat:openstack:14"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-10702\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10702" ],
  "name" : "CVE-2020-10702",
  "csaw" : false
}