Back to search
CVE-2020-11740
Published: Apr 14, 2020
Modified: Aug 4, 2024
PUBLISHED
Description
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
https://xenbits.xen.org/xsa/advisory-313.html
x_refsource_MISC
http://xenbits.xen.org/xsa/advisory-313.html
x_refsource_CONFIRM
[oss-security] 20200414 Xen Security Advisory 313 v3 (CVE-2020-11740,CVE-2020-11741) - multiple xenoprof issues
mailing-list
x_refsource_MLIST
FEDORA-2020-440457afe4
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-295ed0b1e0
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2020:0599
vendor-advisory
x_refsource_SUSE
FEDORA-2020-cbc3149753
vendor-advisory
x_refsource_FEDORA
GLSA-202005-08
vendor-advisory
x_refsource_GENTOO
DSA-4723
vendor-advisory
x_refsource_DEBIAN
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now