Complete lack of validation of attacker-controlled parameters leads to a buffer over read. The results of the over read are written back to the guest virtual machine=E2=80=99s memory. This vulnerability can be used by an attacker in a virtual machine to read significant amounts of host memory. This vulnerability can be chained with finding number 1 to read arbitrary amounts of data from any address in the vhost_crypto process. CREATE(Triage):(User=admin) [CVE-2020-14377|https://nvd.nist.gov/vuln/detail/CVE-2020-14377]
