{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-07-13T15:06:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://xenbits.xen.org/xsa/advisory-313.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://xenbits.xen.org/xsa/advisory-313.html"}, {"name": "[oss-security] 20200414 Xen Security Advisory 313 v3 (CVE-2020-11740,CVE-2020-11741) - multiple xenoprof issues", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2020/04/14/1"}, {"name": "FEDORA-2020-440457afe4", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"}, {"name": "FEDORA-2020-295ed0b1e0", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"}, {"name": "openSUSE-SU-2020:0599", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"}, {"name": "FEDORA-2020-cbc3149753", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"}, {"name": "GLSA-202005-08", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202005-08"}, {"name": "DSA-4723", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2020/dsa-4723"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-11741", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://xenbits.xen.org/xsa/advisory-313.html", "refsource": "MISC", "url": "https://xenbits.xen.org/xsa/advisory-313.html"}, {"name": "http://xenbits.xen.org/xsa/advisory-313.html", "refsource": "CONFIRM", "url": "http://xenbits.xen.org/xsa/advisory-313.html"}, {"name": "[oss-security] 20200414 Xen Security Advisory 313 v3 (CVE-2020-11740,CVE-2020-11741) - multiple xenoprof issues", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2020/04/14/1"}, {"name": "FEDORA-2020-440457afe4", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"}, {"name": "FEDORA-2020-295ed0b1e0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"}, {"name": "openSUSE-SU-2020:0599", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"}, {"name": "FEDORA-2020-cbc3149753", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"}, {"name": "GLSA-202005-08", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202005-08"}, {"name": "DSA-4723", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2020/dsa-4723"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:41:58.158Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://xenbits.xen.org/xsa/advisory-313.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://xenbits.xen.org/xsa/advisory-313.html"}, {"name": "[oss-security] 20200414 Xen Security Advisory 313 v3 (CVE-2020-11740,CVE-2020-11741) - multiple xenoprof issues", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2020/04/14/1"}, {"name": "FEDORA-2020-440457afe4", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"}, {"name": "FEDORA-2020-295ed0b1e0", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"}, {"name": "openSUSE-SU-2020:0599", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"}, {"name": "FEDORA-2020-cbc3149753", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"}, {"name": "GLSA-202005-08", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202005-08"}, {"name": "DSA-4723", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2020/dsa-4723"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-11741", "datePublished": "2020-04-14T12:18:52", "dateReserved": "2020-04-14T00:00:00", "dateUpdated": "2024-08-04T11:41:58.158Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*", "matchCriteriaId": "3BD625DD-3C5E-4849-88A6-464AA7AC6F88", "versionEndIncluding": "4.13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "5BEB8A75-3CF5-4DA3-9159-16675A47D842", "vulnerable": true}, {"criteria": "cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "DAC2A87A-73F2-4D40-8EDB-8373B938FC11", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*", "matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*", "matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*", "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out."}, {"lang": "es", "value": "Se detect\u00f3 un problema en xenoprof en Xen versiones hasta 4.13.x, que permit\u00eda a usuarios invitados del Sistema Operativo (con perfiles activos) obtener informaci\u00f3n confidencial sobre otros invitados, causar una denegaci\u00f3n de servicio o posiblemente alcanzar privilegios. Para aquellos invitados a los que el administrador habilit\u00f3 la creaci\u00f3n de perfiles \"active\", el c\u00f3digo xenoprof usa la estructura de anillo compartida de Xen est\u00e1ndar. Desafortunadamente, este c\u00f3digo no trat\u00f3 al invitado como un adversario potencial: conf\u00eda en que el invitado no modificar\u00e1 la informaci\u00f3n del tama\u00f1o del b\u00fafer ni modificar\u00e1 los punteros de cabeza y cola de forma inesperada. Esto puede bloquear el host (DoS). La escalada de privilegios no puede ser descartada."}], "id": "CVE-2020-11741", "lastModified": "2023-11-07T03:15:04.637", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-04-14T13:15:12.843", "references": [{"source": "cve@mitre.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2020/04/14/1"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://xenbits.xen.org/xsa/advisory-313.html"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202005-08"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2020/dsa-4723"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://xenbits.xen.org/xsa/advisory-313.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-909"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "xen: xenoprof issue allows guest OS users with active profiling to obtain sensitive information about other guests (XSA-313)", "id": "1823913", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1823913"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.1", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-862", "details": ["An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.", "A flaw was found in Xenoprof in the Xen virtual machine through version 4.13.x, where it allows guest OS users, with active profiling, to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests with \u201cactive\u201d profiling enabled by the administrator, the Xenoprof code uses the standard Xen shared ring structure. With this flaw, the code does not treat the guest as a potential attacker, and it trusts the guest not to modify the buffer size information and not modify the head/tail pointers in unexpected ways, which can lead to a denial of service or escalation of privileges."], "name": "CVE-2020-11741", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "kernel-xen", "product_name": "Red Hat Enterprise Linux 5"}], "public_date": "2020-04-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-11741\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11741"], "threat_severity": "Important"}