Lucene search

MitreCVE-2020-11741

HistoryApr 14, 2020 - 1:15 p.m.

CVE-2020-11741

2020-04-1413:15:12

CWE-909

mitre

web.nvd.nist.gov

142

xen

xenoprof

cve-2020-11741

security

information security

vulnerability

denial of service

privilege escalation

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

8.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

AI Score

Confidence

High

EPSS

Percentile

14.2%

JSON

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which “active” profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.

Affected configurations

Nvd

Node

xenxenRange≤4.13.0

xenxenMatch4.13.0rc1

xenxenMatch4.13.0rc2

Node

fedoraprojectfedoraMatch30

fedoraprojectfedoraMatch31

fedoraprojectfedoraMatch32

Node

debiandebian_linuxMatch10.0

Node

opensuseleapMatch15.1

VendorProductVersionCPE
xenxen*cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
xenxen4.13.0cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*
xenxen4.13.0cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*
fedoraprojectfedora30cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
fedoraprojectfedora31cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
fedoraprojectfedora32cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
debiandebian_linux10.0cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
opensuseleap15.1cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xen	xen	*	cpe:2.3:o:xen:xen::::::::
xen	xen	4.13.0	cpe:2.3:o:xen:xen:4.13.0:rc1::::::
xen	xen	4.13.0	cpe:2.3:o:xen:xen:4.13.0:rc2::::::
fedoraproject	fedora	30	cpe:2.3:o:fedoraproject:fedora:30:::::::*
fedoraproject	fedora	31	cpe:2.3:o:fedoraproject:fedora:31:::::::*
fedoraproject	fedora	32	cpe:2.3:o:fedoraproject:fedora:32:::::::*
debian	debian_linux	10.0	cpe:2.3:o:debian:debian_linux:10.0:::::::*
opensuse	leap	15.1	cpe:2.3:o:opensuse:leap:15.1:::::::*