An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2020/04/14/1 | Mailing List Patch Third Party Advisory |
http://xenbits.xen.org/xsa/advisory-313.html | Patch Vendor Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/ | |
https://security.gentoo.org/glsa/202005-08 | Third Party Advisory |
https://www.debian.org/security/2020/dsa-4723 | Third Party Advisory |
https://xenbits.xen.org/xsa/advisory-313.html | Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
History
07 Nov 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
03 May 2022, 14:06
Type | Values Removed | Values Added |
---|---|---|
First Time |
Debian debian Linux
Debian Opensuse leap Fedoraproject fedora Opensuse Fedoraproject |
|
CWE | CWE-212 | |
CPE | cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* |
|
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/ - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202005-08 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/ - Mailing List, Third Party Advisory | |
References | (DEBIAN) https://www.debian.org/security/2020/dsa-4723 - Third Party Advisory |
Information
Published : 2020-04-14 13:15
Updated : 2023-12-10 13:27
NVD link : CVE-2020-11740
Mitre link : CVE-2020-11740
CVE.ORG link : CVE-2020-11740
JSON object : View
Products Affected
opensuse
- leap
xen
- xen
debian
- debian_linux
fedoraproject
- fedora
CWE
CWE-212
Improper Removal of Sensitive Information Before Storage or Transfer