What is CVE-2020-24485?

CVE-2020-24485 is a high-severity vulnerability in Intel Trace_analyzer_and_collector, classified under Uncontrolled Search Path Element. CVSS score: 7.8/10. Published 2021-02-17.

How severe is CVE-2020-24485?

High severity. CVSS v3 base score is 7.8 out of 10.

Vulnerability in Intel Trace_analyzer_and_collector

CVE-2020-24485

Improper conditions check in the Intel(R) FPGA OPAE Driver for Linux before kernel version 4.17 may allow an authenticated user to potentially enable escalation of privilege via local access.

EPSS: 0.003 (19.7th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.8 (High). Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Intel Trace_analyzer_and_collector — versions update1, update2, update3
N/a Intel(r) Fpga Opae Driver For Linux — versions See references

Weakness classification (CWE)

CWE-427 — Uncontrolled Search Path Element

References

secure@intel.com (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-24485?: CVE-2020-24485 is a high-severity vulnerability in Intel Trace_analyzer_and_collector, classified under Uncontrolled Search Path Element. CVSS score: 7.8/10. Published 2021-02-17.
How severe is CVE-2020-24485?: High severity. CVSS v3 base score is 7.8 out of 10.