CVE-2020-11740

Name
CVE-2020-11740
Description
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://xenbits.xen.org/xsa/advisory-313.html
Patch http://xenbits.xen.org/xsa/advisory-313.html
Mailing List http://www.openwall.com/lists/oss-security/2020/04/14/1
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/
SUSE http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html
FEDORA https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/
GENTOO https://security.gentoo.org/glsa/202005-08
DEBIAN https://www.debian.org/security/2020/dsa-4723

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:* xen >= 3.2.0 <= 4.13.0
cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:* xen == None == 4.13.0

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
xen 3.10-main 4.12.4-r0 None fixed