Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-11740

Опубликовано: 14 апр. 2020
Источник: nvd
CVSS3: 5.5
CVSS2: 2.1
EPSS Низкий

Описание

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*
Версия от 3.2.0 (включая) до 4.13.0 (включая)
cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Процентиль: 29%
0.00108
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-212

Связанные уязвимости

ubuntu логотип

CVE-2020-11740

CVSS3: 5.5
ubuntu
почти 6 лет назад

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.

redhat логотип

CVE-2020-11740

CVSS3: 7.5
redhat
почти 6 лет назад

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.

debian логотип

CVE-2020-11740

CVSS3: 5.5
debian
почти 6 лет назад

An issue was discovered in xenoprof in Xen through 4.13.x, allowing gu ...

github логотип

GHSA-cjpx-2x82-p6v9

CVSS3: 5.5
github
больше 3 лет назад

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.

suse-cvrf логотип

openSUSE-SU-2020:0599-1

suse-cvrf
почти 6 лет назад

Security update for xen

EPSS

Процентиль: 29%
0.00108
Низкий

5.5 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-212