Hello Li, +-- On Tue, 25 Aug 2020, Li Qiang wrote --+ | Just see the page. | -->https://access.redhat.com/security/cve/CVE-2020-14364 | | The 'Attack Vector' of the CVSS score here is 'local'. | | I think this should be 'network' as the guest user can touch this in cloud | environment? What's the consideration here?
-> https://www.first.org/cvss/v3.1/user-guide#3-5-Scope-Vulnerable-Component-and-Impacted-Component AV:Network or Adjacent is generally used when issue involves network stack. In this case it's a usb device r/w operation. Thank you. -- Prasad J Pandit / Red Hat Product Security Team 8685 545E B54C 486B C6EB 271E E285 8B5A F050 DE8D