CVE-2020-15294

Name of the Vulnerable Software and Affected Versions Bitdefender Hypervisor Introspection versions prior to 1.132.2

Description The issue is related to a Compiler Optimization Removal or Modification of Security-critical Code vulnerability in the IntPeParseUnwindData() function, which results in multiple dereferences to the same pointer. If the pointer is located in memory-mapped from the guest space, this may cause a race-condition where the generated code would dereference the same address twice, thus obtaining different values, which may lead to arbitrary code execution.

Recommendations For versions prior to 1.132.2, update to version 1.132.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the IntPeParseUnwindData() function to minimize the risk of exploitation.