{"id":"CVE-2021-20295","details":"It was discovered that the update for the virt:rhel module in the RHSA-2020:4676 (https://access.redhat.com/errata/RHSA-2020:4676) erratum released as part of Red Hat Enterprise Linux 8.3 failed to include the fix for the qemu-kvm component issue CVE-2020-10756, which was previously corrected in virt:rhel/qemu-kvm via erratum RHSA-2020:4059 (https://access.redhat.com/errata/RHSA-2020:4059). CVE-2021-20295 was assigned to that Red Hat specific security regression. For more details about the original security issue CVE-2020-10756, refer to bug 1835986 or the CVE page: https://access.redhat.com/security/cve/CVE-2020-10756.","modified":"2026-03-14T10:38:17.040832Z","published":"2022-04-01T23:15:08.777Z","related":["ALSA-2021:1064"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2020-10756"},{"type":"ADVISORY","url":"https://security.netapp.com/advisory/ntap-20220519-0003/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1944075"}],"affected":[{"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"fixed":"4.2.0-34"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20295.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N"}]}