### [CVE-2021-20295](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-20295)
![](https://img.shields.io/static/v1?label=Product&message=QEMU&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=qemu-kvm%204.2.0-34%20&color=brightgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-125&color=brightgreen)

### Description

It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/Live-Hack-CVE/CVE-2021-20295