Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-11741

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.

Published

2020-04-14T13:15:12.843

Last Modified

2024-11-21T04:58:31.640

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-909

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Operating System	xen	xen	≤ 4.13.0	Yes
Operating System	xen	xen	4.13.0	Yes
Operating System	xen	xen	4.13.0	Yes
Operating System	fedoraproject	fedora	30	Yes
Operating System	fedoraproject	fedora	31	Yes
Operating System	fedoraproject	fedora	32	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	opensuse	leap	15.1	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2020/04/14/1 Mailing List, Patch, Third Party Advisory ([email protected])
http://xenbits.xen.org/xsa/advisory-313.html Patch, Vendor Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/ ([email protected])
https://security.gentoo.org/glsa/202005-08 Third Party Advisory ([email protected])
https://www.debian.org/security/2020/dsa-4723 Third Party Advisory ([email protected])
https://xenbits.xen.org/xsa/advisory-313.html Patch, Vendor Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2020/04/14/1 Mailing List, Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://xenbits.xen.org/xsa/advisory-313.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202005-08 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2020/dsa-4723 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://xenbits.xen.org/xsa/advisory-313.html Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)