UBUNTU-CVE-2020-10702

Advisory lineage Upstream: 1 Downstream: 1
Upstream
CVE-2020-10702
Downstream
USN-4372-1
Published: 13 Apr 2020, 00:00
Last modified:04 Feb 2026, 02:25

Vulnerability Summary

Overall Risk (default)
low
22/100
CVSS Score
5.5 MEDIUM
3.1 (osv_ubuntu)
EPSS Score
No data
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

13 Apr 2020, 00:00
Published
Vulnerability first disclosed
04 Feb 2026, 02:25
Last Modified
Vulnerability information updated

Description

A flaw was found in QEMU in the implementation of the Pointer Authentication (PAuth) support for ARM introduced in version 4.0 and fixed in version 5.0.0. A general failure of the signature generation process caused every PAuth-enforced pointer to be signed with the same signature. A local attacker could obtain the signature of a protected pointer and abuse this flaw to bypass PAuth protection for all programs running on QEMU.

CVSS Metrics

  • v3.1MEDIUMScore: 5.5CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Systems

  • ubuntuqemu

    < 1:4.2-3ubuntu5

References (3)