CVE-2020-7467

moderate-risk
Published 2021-03-26

In FreeBSD 12.2-STABLE before r365767, 11.4-STABLE before r365769, 12.1-RELEASE before p10, 11.4-RELEASE before p4 and 11.3-RELEASE before p14 a number of AMD virtualization instructions operate on host physical addresses, are not subject to nested page table translation, and guest use of these instructions was not trapped.

Do I need to act?

-
0.04% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.6/10 High
PHYSICAL / LOW complexity

Affected Products (20)

Affected Vendors

Freebsd

References (2)

Vendor Advisory https://security.FreeBSD.org/advisories/FreeBSD-SA-20:29.bhyve_svm.asc
Vendor Advisory https://security.FreeBSD.org/advisories/FreeBSD-SA-20:29.bhyve_svm.asc
46
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 0/34 · Minimal
Exposure 22/34 · High