On Mon, Jan 4, 2021 at 12:29 PM Ferruh Yigit <ferruh.yigit () intel com> wrote:
Thank you for the timely reply. With regard to CVE-2020-14377, the
Scope metric was rated differently by NIST [1], hence my initial
question.
[1] https://nvd.nist.gov/vuln/detail/CVE-2020-14377
kind of guest-to-host compromise, which usually implies a Scope change
(or at least, this holds true for QEMU flaws). Therefore I was
wondering what's the reason behind the different evaluation of the
Scope metric between CVE-2020-14377 and the others.
Regards.
--
Mauro Matteo Cascella
Red Hat Product Security
PGP-Key ID: BB3410B0