VDB
CVE-2020-11740
CVE-2020-11740
PUBLISHED
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.
EPSS 0.09% · 25.6th percentile
Risk Scores
EPSS Score
0.09%
25.6th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | xen | *, 4.9.2-0ubuntu6, 4.9.2-0ubuntu7 |
| Ubuntu:18.04:LTS | xen | 4.9.0-0ubuntu3, 4.9.0-0ubuntu4, 4.9.2-0ubuntu1 |
| Ubuntu:16.04:LTS | xen | 4.6.5-0ubuntu1.4, 0, 4.6.0-1ubuntu4.1 |
Timeline
- Apr 14, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 22, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 25, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 27, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 1, 2022 EPSS Score
- Jul 2, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-11740 third-party-advisory
- https://xenbits.xen.org/xsa/advisory-313.html third-party-advisory
- http://www.openwall.com/lists/oss-security/2020/04/14/1 third-party-advisory
- http://xenbits.xen.org/xsa/advisory-313.html third-party-advisory
- https://ubuntu.com/security/notices/USN-5617-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-11740 third-party-advisory