DEBIAN-CVE-2020-11740

DEBIAN-CVE-2020-11740 PUBLISHED CVSS 5.5 MEDIUM

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.

Risk Scores

CVSS v3.1

5.5

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Debian:13	xen	0, 0, 0
Debian:14	xen	0, 0, 0
Debian:11	xen	0, 0, 0
Debian:12	xen	0, 0, 0

Timeline

Apr 14, 2020 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-11740 advisory

Open in Interactive Console →