Home

CVE-2020-11740

Description

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.

Risk Information

Base Score
5.5
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.108

Associated Vulnerability

VulnerabilityOS Platform
SUSE-SU-2020:1138-1(SUSE Linux Enterprise Server 12-SP4 ) xen-4.11.3_04-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1138-1(SUSE Linux Enterprise Server 12-SP4 ) xen-debugsource-4.11.3_04-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1138-1(SUSE Linux Enterprise Server 12-SP4 ) xen-doc-html-4.11.3_04-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1138-1(SUSE Linux Enterprise Server 12-SP4 ) xen-libs-4.11.3_04-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1138-1(SUSE Linux Enterprise Server 12-SP4 ) xen-libs-32bit-4.11.3_04-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1138-1(SUSE Linux Enterprise Server 12-SP4 ) xen-libs-debuginfo-4.11.3_04-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1138-1(SUSE Linux Enterprise Server 12-SP4 ) xen-libs-debuginfo-32bit-4.11.3_04-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1138-1(SUSE Linux Enterprise Server 12-SP4 ) xen-tools-4.11.3_04-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1138-1(SUSE Linux Enterprise Server 12-SP4 ) xen-tools-debuginfo-4.11.3_04-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1138-1(SUSE Linux Enterprise Server 12-SP4 ) xen-tools-domU-4.11.3_04-2.23.1.x86_64.rpmLinux
SUSE-SU-2020:1138-1(SUSE Linux Enterprise Server 12-SP4 ) xen-tools-domU-debuginfo-4.11.3_04-2.23.1.x86_64.rpmLinux
Public headers and libs for Xen (USN-5617-1) libxenevtchn1_4.11.3+24-g14b62ab3e5-1ubuntu2.3_amd64.debLinux
Public headers and libs for Xen (USN-5617-1) libxengnttab1_4.11.3+24-g14b62ab3e5-1ubuntu2.3_amd64.debLinux
Public headers and libs for Xen (USN-5617-1) libxenmisc4.11_4.11.3+24-g14b62ab3e5-1ubuntu2.3_amd64.debLinux
Public headers and libs for Xen (USN-5617-1) xen-utils-4.11_4.11.3+24-g14b62ab3e5-1ubuntu2.3_amd64.debLinux
Public headers and libs for Xen (USN-5617-1) xenstore-utils_4.11.3+24-g14b62ab3e5-1ubuntu2.3_amd64.debLinux
Public headers and libs for Xen (USN-5617-1) xen-utils-common_4.11.3+24-g14b62ab3e5-1ubuntu2.3_amd64.debLinux
Public headers and libs for Xen (USN-5617-1) libxendevicemodel1_4.11.3+24-g14b62ab3e5-1ubuntu2.3_amd64.debLinux
Public headers and libs for Xen (USN-5617-1) xen-hypervisor-4.11-amd64_4.11.3+24-g14b62ab3e5-1ubuntu2.3_amd64.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234