CVSS3: 5.5 Medium

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS2: 2.1 Low

Metric | Value |
---|---|
Access Vector | LOCAL |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |

AV:L/AC:L/Au:N/C:P/I:N/A:N

EPSS: 0.0005 Low (Percentile: 16.7%)

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest
OS users (without active profiling) to obtain sensitive information about
other guests. Unprivileged guests can request to map xenoprof buffers, even
if profiling has not been enabled for those guests. These buffers were not
scrubbed.
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
www.openwall.com/lists/oss-security/2020/04/14/1
xenbits.xen.org/xsa/advisory-313.html
launchpad.net/bugs/cve/CVE-2020-11740
nvd.nist.gov/vuln/detail/CVE-2020-11740
security-tracker.debian.org/tracker/CVE-2020-11740
ubuntu.com/security/notices/USN-5617-1
www.cve.org/CVERecord?id=CVE-2020-11740