How severe is CVE-2020-8918?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.1 out of 10.

What type of vulnerability is CVE-2020-8918?

This is classified as CWE-665, which is a common weakness in software security.

CVE-2020-8918

HIGH Year: 2020

CVSS v3 Score

7.1

High

CVSS v2 Score

3.6

Low

Weakness Type

CWE-665

View all →

Vulnerability Description

An improperly initialized 'migrationAuth' value in Google's go-tpm TPM1.2 library versions prior to 0.3.0 can lead an eavesdropping attacker to discover the auth value for a key created with CreateWrapKey. An attacker listening in on the channel can collect both 'encUsageAuth' and 'encMigrationAuth', and then can calculate 'usageAuth ^ encMigrationAuth' as the 'migrationAuth' can be guessed for all keys created with CreateWrapKey. TPM2.0 is not impacted by this. We recommend updating your library to 0.3.0 or later, or, if you cannot update, to call CreateWrapKey with a random 20-byte value for 'migrationAuth'.

CVE-2021-29613

HIGH

CVSS:7.1(High)

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `tf.raw_ops.CTCLoss` allows an attacker to trigger an OOB read from heap. The fix will be included in Te...

CWE-6652021

CVE-2017-8576

HIGH

CVSS:7.0(High)

The graphics component in Microsoft Windows 10 Gold, 1511, 1607, 1703, and Windows Server 2016 allows an authenticated attacker to run arbitrary code in kernel mode via a specially crafted application...

CWE-6652017

CVE-2019-7240

HIGH

CVSS:7.2(High)

An issue was discovered in WinRing0x64.sys in Moo0 System Monitor 1.83. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x9C402088 and does not properly filter the Model Specific Register ...

CWE-6652019

CVE-2019-7244

HIGH

CVSS:7.2(High)

An issue was discovered in kerneld.sys in AIDA64 before 5.99. The vulnerable driver exposes a wrmsr instruction via IOCTL 0x80112084 and does not properly filter the Model Specific Register (MSR). All...

CWE-6652019

CVE-2019-7245

HIGH

CVSS:7.2(High)

An issue was discovered in GPU-Z.sys in TechPowerUp GPU-Z before 2.23.0. The vulnerable driver exposes a wrmsr instruction via an IOCTL and does not properly filter the Model Specific Register (MSR). ...

CWE-6652019

CVE-2019-7630

HIGH

CVSS:7.2(High)

An issue was discovered in gdrv.sys in Gigabyte APP Center before 19.0227.1. The vulnerable driver exposes a wrmsr instruction via IOCTL 0xC3502580 and does not properly filter the target Model Specif...

CWE-6652019

CVE-2020-8918

Vulnerability Description

Related Vulnerabilities

CVE-2021-29613

CVE-2017-8576

CVE-2019-7240

CVE-2019-7244

CVE-2019-7245

CVE-2019-7630