CVE-2020-0890
MEDIUMWindows 10 and Windows Server 2016/2019 - Denial of Service via Malicious Guest Data
Title source: llmExploitation Summary
EIP tracks 2 public exploits for CVE-2020-0890. PoCs published by gerhart01, skasanagottu57gmailv.
AI-analyzed exploit summary This is a working proof-of-concept for a local denial-of-service (DoS) vulnerability in Hyper-V (CVE-2020-0890). The exploit leverages nested virtualization to trigger a BSOD on the host system by manipulating Hyper-V's enlightened VMCS and VP assist page structures.
Description
<p>A denial of service vulnerability exists when Microsoft Hyper-V on a host server fails to properly validate specific malicious data from a user on a guest operating system.</p> <p>To exploit the vulnerability, an attacker who already has a privileged account on a guest operating system, running as a virtual machine, could run a specially crafted application.</p> <p>The security update addresses the vulnerability by resolving the conditions where Hyper-V would fail to handle these requests.</p>
Exploits (2)
This is a working proof-of-concept for a local denial-of-service (DoS) vulnerability in Hyper-V (CVE-2020-0890). The exploit leverages nested virtualization to trigger a BSOD on the host system by manipulating Hyper-V's enlightened VMCS and VP assist page structures.
This repository contains a README file describing a proof-of-concept for CVE-2020-0890, a Windows Hyper-V Denial of Service vulnerability. No actual exploit code is present in the provided files.
References (1)
Scores
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H