CVE-2020-11740
Published: 14 April 2020
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.
Notes
| Author | Note |
|---|---|
| mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
Priority
Medium
CVSS 3 base score: 5.5
Status
| Package | Release | Status |
|---|---|---|
|
xen Launchpad, Ubuntu, Debian |
bionic |
Needed
|
| eoan |
Ignored
(reached end-of-life)
|
|
| focal |
Released
(4.11.3+24-g14b62ab3e5-1ubuntu2.3)
|
|
| groovy |
Ignored
(reached end-of-life)
|
|
| hirsute |
Ignored
(reached end-of-life)
|
|
| impish |
Ignored
(reached end-of-life)
|
|
| jammy |
Not vulnerable
(4.15.0-1)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Needed
|
|
| Binaries built from this source package are in Universe and so are supported by the community. | ||