VDB

ALPINE-CVE-2020-11740

ALPINE-CVE-2020-11740 PUBLISHED CVSS 5.5 MEDIUM

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.

Risk Scores

CVSS v3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

VendorProductVersions
Alpine:v3.9xen4.0.1-r0, 4.9.1-r3, 4.9.1-r2
Alpine:v3.16xen4.3.0-r1, 4.2.2-r5, 4.3.0-r0
Alpine:v3.10xen0, 4.9.1-r3, 4.9.1-r2
Alpine:v3.22xen4.2.0-r3, 4.9.1-r3, 4.9.1-r2
Alpine:v3.8xen0, 4.0.1-r1, 4.0.1-r2
Alpine:v3.14xen4.9.1-r3, 4.9.1-r2, 4.9.1-r1
Alpine:v3.20xen4.1.2-r9, 4.3.0-r7, 4.3.0-r6
Alpine:v3.18xen0, 4.0.1-r2, 4.0.1-r1
Alpine:v3.19xen4.9.1-r3, 4.13.0-r2, 4.12.1-r1
Alpine:v3.17xen4.4.1-r6, 4.0.1-r0, 4.0.1-r2
Alpine:v3.12xen4.11.1-r0, 4.11.1-r1, 4.12.0-r0
Alpine:v3.23xen4.2.0-r0, 4.6.0-r3, 0
Alpine:v3.13xen4.0.1-r0, 4.9.1-r3, 4.9.1-r2
Alpine:v3.15xen4.1.2-r10, 4.12.1-r1, 4.13.0-r0
Alpine:v3.21xen4.3.1-r2, 4.10.0-r1, 4.11.0-r1
Alpine:v3.11xen4.7.0-r3, 4.7.0-r2, 4.7.0-r1

Timeline

  • Apr 14, 2020 CVE Published
  • Dec 3, 2025 CVE Updated
  • Apr 30, 2026 Distribution Patch

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›