How severe is CVE-2020-7456?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.8 out of 10.

What type of vulnerability is CVE-2020-7456?

This is classified as CWE-119, which is a common weakness in software security.

CVE-2020-7456 - MEDIUM Severity | CVSS 6.8

Vulnerability Description

In FreeBSD 12.1-STABLE before r361918, 12.1-RELEASE before p6, 11.4-STABLE before r361919, 11.3-RELEASE before p10, and 11.4-RC2 before p1, an invalid memory location may be used for HID items if the push/pop level is not restored within the processing of that HID item allowing an attacker with physical access to a USB port to be able to use a specially crafted USB device to gain kernel or user-space code execution.

Related Vulnerabilities

CVE-2015-4049

MEDIUM

CVSS:6.8(Medium)

Unisys Libra 43xx, 63xx, and 83xx, and FS600 class systems with MCP-FIRMWARE 40.0 before 40.0IC4 Build 270 might allow remote authenticated users to cause a denial of service (data corruption or syste...

CWE-1192015

CVE-2016-1734

MEDIUM

CVSS:6.8(Medium)

AppleUSBNetworking in Apple iOS before 9.3 and OS X before 10.11.4 allows physically proximate attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corrupti...

CWE-1192016

CVE-2016-8633

MEDIUM

CVSS:6.8(Medium)

drivers/firewire/net.c in the Linux kernel before 4.8.7, in certain unusual hardware configurations, allows remote attackers to execute arbitrary code via crafted fragmented packets.

CWE-1192016

CVE-2017-0706

MEDIUM

CVSS:6.8(Medium)

A elevation of privilege vulnerability in the Broadcom wi-fi driver. Product: Android. Versions: Android kernel. Android ID: A-35195787. References: B-RB#120532.

CWE-1192017

CVE-2017-10814

MEDIUM

CVSS:6.8(Medium)

Buffer overflow in CG-WLR300NM Firmware version 1.90 and earlier allows an attacker to execute arbitrary code via unspecified vectors.

CWE-1192017

CVE-2017-16534

MEDIUM

CVSS:6.8(Medium)

The cdc_parse_cdc_header function in drivers/usb/core/message.c in the Linux kernel before 4.13.6 allows local users to cause a denial of service (out-of-bounds read and system crash) or possibly have...

CWE-1192017