PT-2020-12818 · Xen+3

Ilja Van Sprundel · Published 2020-04-14 · Updated 2024-06-15 · CVE-2020-11740

CVSS v3.1: 5.5 Medium

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Xen versions through 4.13.x

Description

An issue in xenoprof allows guest OS users without active profiling to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.

Recommendations

For Xen versions through 4.13.x, consider disabling the xenoprof feature until a patch is available to prevent unprivileged guests from mapping xenoprof buffers and obtaining sensitive information about other guests.

Fix

Weakness Enumeration

Related Identifiers

CVE-2020-11740
DSA-4723-1
OPENSUSE-SU-2020:0599-1
OPENSUSE-SU-2020_0599-1
OPENSUSE-SU-2024:11520-1
SUSE-SU-2020:1124-1
SUSE-SU-2020:1138-1
SUSE-SU-2020:1139-1
SUSE-SU-2020:14444-1
SUSE-SU-2020:14448-1
SUSE-SU-2020:1630-1
SUSE-SU-2020:1634-1
SUSE-SU-2020:2234-1
SUSE-SU-2020_1630-1
SUSE-SU-2020_1634-1
USN-5617-1

Affected Products

Linuxmint
Suse
Ubuntu
Xen