Vulnerability CVE-2020-15970

Vulnerability Name:

CVE-2020-15970 (CCN-189466)

Assigned:

2020-10-06

Published:

2020-10-06

Updated:

2021-03-11

Summary:

Use after free in NFC in Google Chrome prior to 86.0.4240.75 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page.

CVSS v3 Severity:

8.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
7.7 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): Required
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

9.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-416

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2020-15970

Source: SUSE
Type: Mailing List, Third Party Advisory
openSUSE-SU-2020:1829

Source: CCN
Type: Google Chrome Releases Web site
Stable Channel Update for Desktop

Source: MISC
Type: Release Notes, Vendor Advisory
https://chromereleases.googleblog.com/2020/10/stable-channel-update-for-desktop.html

Source: MISC
Type: Permissions Required, Vendor Advisory
https://crbug.com/1108299

Source: XF
Type: UNKNOWN
google-chrome-cve202015970-code-exec(189466)

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-8aca25b5c8

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-127d40f1ab

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2020-4e8e48da22

Source: DEBIAN
Type: Third Party Advisory
DSA-4824

Vulnerable Configuration:

Configuration 1:

cpe:/a:google:chrome:*:*:*:*:*:*:*:* (Version < 86.0.4240.75)

Configuration 2:

cpe:/o:fedoraproject:fedora:31:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:opensuse:backports_sle:15.0:sp2:*:*:*:*:*:*

Configuration 4:

cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:202015970	V	CVE-2020-15970	2022-06-30
oval:org.opensuse.security:def:112066	P	chromedriver-93.0.4577.82-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105615	P	chromedriver-93.0.4577.82-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:64771	P	Security update for gd (Moderate)	2021-09-27
oval:org.opensuse.security:def:64570	P	Security update for java-11-openjdk (Important)	2021-09-03
oval:org.opensuse.security:def:63521	P	taglib-1.11.1-4.9.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63383	P	virt-install-3.2.0-5.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63123	P	cloud-init-20.2-8.45.1 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:63326	P	erlang-rabbitmq-client-3.8.11-1.26 on GA media (Moderate)	2021-08-10
oval:org.opensuse.security:def:64458	P	Security update for xen (Important)	2021-04-06
oval:org.opensuse.security:def:64664	P	Security update for the Linux Kernel (Important)	2021-03-09
oval:org.opensuse.security:def:64663	P	Security update for openldap2 (Important)	2021-03-08
oval:org.opensuse.security:def:64527	P	Security update for permissions (Moderate)	2021-01-22
oval:org.opensuse.security:def:74636	P	Security update for xstream (Important)	2021-01-20
oval:org.opensuse.security:def:63148	P	dovecot23-2.3.1-2.20 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63619	P	gnome-shell-calendar-3.34.4+4-1.58 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62702	P	libtag-devel-1.11.1-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62902	P	guile-2.0.14-5.3.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62701	P	libsrtp2-1-2.2.0-1.34 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63116	P	kernel-devel-azure-4.12.14-5.47.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:62725	P	wavpack-5.1.0-4.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63181	P	sblim-sfcb-1.4.9-3.7 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:63120	P	terraform-0.12.19-3.6.1 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:74985	P	Security update for python-ipaddress (Important)	2020-12-01
oval:org.opensuse.security:def:64416	P	mailx on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64074	P	Security update for python3 (Important)	2020-12-01
oval:org.opensuse.security:def:63969	P	Security update for mutt (Important)	2020-12-01
oval:org.opensuse.security:def:64873	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:65043	P	Security update for permissions (Moderate)	2020-12-01
oval:org.opensuse.security:def:64314	P	libXxf86dga-devel on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63747	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:75118	P	Security update for chromium (Critical)	2020-12-01
oval:org.opensuse.security:def:64208	P	apache-commons-httpclient on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:63822	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:74510	P	Security update for cni-plugins (Moderate)	2020-12-01
oval:org.opensuse.security:def:64198	P	ruby2.5-rubygem-activejob-5_1 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:64931	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:100249	P	(Important)	2020-11-30
oval:org.opensuse.security:def:109731	P	Security update for chromium, gn (Important)	2020-11-05
oval:org.opensuse.security:def:103074	P	Security update for chromium, gn (Important)	2020-11-05
oval:org.opensuse.security:def:96384	P	Security update for chromium, gn (Important)	2020-11-05
oval:org.opensuse.security:def:93536	P	Security update for chromium (Critical)	2020-10-23
oval:org.opensuse.security:def:110260	P	Security update for chromium (Critical)	2020-10-22
oval:org.opensuse.security:def:110813	P	Security update for chromium (Critical)	2020-10-22

BACK