Vulnerability Details : CVE-2020-11741
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.
Vulnerability category: Gain privilege, Denial of service
Products affected by CVE-2020-11741
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*
- cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-11741
- 0.05%: Probability of exploitation activity in the next 30 days
- ~ 12 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-11741
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C | 3.4 | 10.0 | NIST | |
8.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H | 2.0 | 6.0 | NIST | |
CWE ids for CVE-2020-11741
- The product does not initialize a critical resource. Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-11741
- http://xenbits.xen.org/xsa/advisory-313.html
  XSA-313 - Xen Security Advisories (Patch; Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/
  [SECURITY] Fedora 32 Update: xen-4.13.0-7.fc32 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/
  (Mailing List; Third Party Advisory)
- https://xenbits.xen.org/xsa/advisory-313.html
  XSA-313 - Xen Security Advisories (Patch; Vendor Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/
  [SECURITY] Fedora 30 Update: xen-4.11.4-1.fc30 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://www.debian.org/security/2020/dsa-4723
  (Third Party Advisory)
- http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html
  [security-announce] openSUSE-SU-2020:0599-1: important: Security update (Mailing List; Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2020/04/14/1
  oss-security - Xen Security Advisory 313 v3 (CVE-2020-11740,CVE-2020-11741) - multiple xenoprof issues (Mailing List; Patch; Third Party Advisory)
- https://security.gentoo.org/glsa/202005-08
  Xen: Multiple vulnerabilities (GLSA 202005-08) — Gentoo security (Third Party Advisory)