How severe is CVE-2024-47727?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2024-47727?

This is classified as CWE-754, which is a common weakness in software security.

CVE-2024-47727 - HIGH Severity | CVSS 7.8

Vulnerability Description

In the Linux kernel, the following vulnerability has been resolved: x86/tdx: Fix "in-kernel MMIO" check TDX only supports kernel-initiated MMIO operations. The handle_mmio() function checks if the #VE exception occurred in the kernel and rejects the operation if it did not. However, userspace can deceive the kernel into performing MMIO on its behalf. For example, if userspace can point a syscall to an MMIO address, syscall does get_user() or put_user() on it, triggering MMIO #VE. The kernel will treat the #VE as in-kernel MMIO. Ensure that the target MMIO address is within the kernel before decoding instruction.

Related Vulnerabilities

CVE-2018-13013

HIGH

CVSS:7.8(High)

Improper check of unusual conditions when launching msiexec.exe in safensec.com (SysWatch service) in SAFE'N'SEC SoftControl/SafenSoft SysWatch, SoftControl/SafenSoft TPSecure, and SoftControl/SafenSo...

CWE-7542018

CVE-2020-1122

HIGH

CVSS:7.8(High)

<p>An elevation of privilege vulnerability exists when the Windows Language Pack Installer improperly handles file operations. An attacker who successfully exploited this vulnerability could run proce...

CWE-7542020

CVE-2020-24450

HIGH

CVSS:7.8(High)

Improper conditions check in some Intel(R) Graphics Drivers before versions 26.20.100.8141, 15.45.32.5145 and 15.40.46.5144 may allow an authenticated user to potentially enable escalation of privileg...

CWE-7542020

CVE-2020-35931

HIGH

CVSS:7.8(High)

An issue was discovered in Foxit Reader before 10.1.1 (and before 4.1.1 on macOS) and PhantomPDF before 9.7.5 and 10.x before 10.1.1 (and before 4.1.1 on macOS). An attacker can spoof a certified PDF ...

CWE-7542020

CVE-2021-0339

HIGH

CVSS:7.8(High)

In loadAnimation of WindowContainer.java, there is a possible way to keep displaying a malicious app while a target app is brought to the foreground. This could lead to local escalation of privilege w...

CWE-7542021

CVE-2021-29607

HIGH

CVSS:7.8(High)

TensorFlow is an end-to-end open source platform for machine learning. Incomplete validation in `SparseAdd` results in allowing attackers to exploit undefined behavior (dereferencing null pointers) as...

CWE-7542021