CVSS2

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

EPSS

Percentile: 14.2%

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest
OS users (with active profiling) to obtain sensitive information about
other guests, cause a denial of service, or possibly gain privileges. For
guests for which “active” profiling was enabled by the administrator, the
xenoprof code uses the standard Xen shared ring structure. Unfortunately,
this code did not treat the guest as a potential adversary: it trusts the
guest not to modify buffer size information or modify head / tail pointers
in unexpected ways. This can crash the host (DoS). Privilege escalation
cannot be ruled out.
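
The defensive pattern the description implies, as an added example: a producer that keeps the authoritative size and head index in private memory and validates the single guest-written index before use. This is a generic illustration, not the xenoprof code or the XSA-313 patch; every struct, function and constant name here is hypothetical.

```c
#include <stdint.h>
#include <stdio.h>

#define RING_SLOTS 8u                 /* constructed size for this example */

/* Memory shared with the guest: every field is guest-writable. */
struct shared_ring {
    volatile uint32_t size;           /* advisory copy only, never read back */
    volatile uint32_t head;           /* producer index, published for guest */
    volatile uint32_t tail;           /* consumer index, written by guest */
    volatile uint64_t slot[RING_SLOTS];
};

/* Hypervisor-private state: the authoritative size and producer index. */
struct ring_priv {
    uint32_t size;
    uint32_t head;
};

void ring_init(struct ring_priv *p, struct shared_ring *s)
{
    p->size = RING_SLOTS;
    p->head = 0;
    s->size = RING_SLOTS;
    s->head = 0;
    s->tail = 0;
}

/* Returns 0 on success, -1 if the ring is full, -2 on invalid guest state. */
int ring_put(struct ring_priv *p, struct shared_ring *s, uint64_t sample)
{
    uint32_t tail = s->tail;          /* read once, then validate the copy */
    uint32_t head = p->head;          /* private value, not s->head */
    uint32_t next = (head + 1) % p->size;

    if (tail >= p->size)
        return -2;                    /* guest supplied an out-of-range index */
    if (next == tail)
        return -1;                    /* full: drop the sample */
    s->slot[head] = sample;           /* head < p->size by construction */
    p->head = next;
    s->head = next;                   /* overwrite whatever the guest put there */
    return 0;
}

int main(void)
{
    struct ring_priv p; struct shared_ring s;
    ring_init(&p, &s);
    s.size = 0xffffffffu; s.head = 1000;   /* constructed guest tampering */
    printf("put -> %d, head -> %u\n", ring_put(&p, &s, 42), (unsigned)s.head);
    return 0;
}
```
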
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
www.openwall.com/lists/oss-security/2020/04/14/1
xenbits.xen.org/xsa/advisory-313.html
launchpad.net/bugs/cve/CVE-2020-11741
nvd.nist.gov/vuln/detail/CVE-2020-11741
security-tracker.debian.org/tracker/CVE-2020-11741
ubuntu.com/security/notices/USN-5617-1
www.cve.org/CVERecord?id=CVE-2020-11741