How severe is CVE-2020-8873?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.2 out of 10.

What type of vulnerability is CVE-2020-8873?

This is classified as CWE-367, which is a common weakness in software security.

CVE-2020-8873 - HIGH Severity | CVSS 8.2

Vulnerability Description

This vulnerability allows local attackers to escalate privileges on affected installations of Parallels Desktop 15.1.2-47123. An attacker must first obtain the ability to execute high-privileged code on the target guest system in order to exploit this vulnerability. The specific flaw exists within the xHCI component. The issue results from the lack of proper locking when performing operations on an object. An attacker can leverage this vulnerability to escalate privileges and execute code in the context of the hypervisor. Was ZDI-CAN-10031.

Related Vulnerabilities

CVE-2024-3290

HIGH

CVSS:8.2(High)

A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus host could modify installation parameters at installation time, which could lead to the execution of ar...

CWE-3672024

CVE-2024-3292

HIGH

CVSS:8.2(High)

A race condition vulnerability exists where an authenticated, local attacker on a Windows Nessus Agent host could modify installation parameters at installation time, which could lead to the execution...

CWE-3672024

CVE-2025-22224

HIGH

CVSS:8.2(High)

VMware ESXi, and Workstation contain a TOCTOU (Time-of-Check Time-of-Use) vulnerability that leads to an out-of-bounds write. A malicious actor with local administrative privileges on a virtual machin...

CWE-3672025

CVE-2011-4126

HIGH

CVSS:8.1(High)

Race condition issues were found in Calibre at devices/linux_mount_helper.c allowing unprivileged users the ability to mount any device to anywhere.

CWE-3672011

CVE-2019-10494

HIGH

CVSS:8.1(High)

Race condition between the camera functions due to lack of resource lock which will lead to memory corruption and UAF issue in Snapdragon Auto, Snapdragon Consumer Electronics Connectivity, Snapdragon...

CWE-3672019

CVE-2019-20610

HIGH

CVSS:8.1(High)

An issue was discovered on Samsung mobile devices with N(7.X) and O(8.X) (Exynos 7570, 7870, 7880, 7885, 8890, 8895, and 9810 chipsets) software. A double-fetch vulnerability in Trustlet allows arbitr...

CWE-3672019