CVE-2020-11741

HIGH

Xen < 4.13.0 - Denial of Service via Xenoprof Shared Ring Buffer Manipulation

Title source: llm
STIX 2.1

Description

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.

References (9)

Core 9
Core References
Patch, Vendor Advisory x_refsource_misc
https://xenbits.xen.org/xsa/advisory-313.html
Patch, Vendor Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-313.html
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2020/04/14/1
Mailing List, Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202005-08
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2020/dsa-4723

Scores

CVSS v3 8.8
EPSS 0.0042
EPSS Percentile 33.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Details

CWE
CWE-909
Status published
Products (7)
debian/debian_linux 10.0
fedoraproject/fedora 30
fedoraproject/fedora 31
fedoraproject/fedora 32
opensuse/leap 15.1
xen/xen 4.13.0 rc1 (2 CPE variants)
xen/xen < 4.13.0
Published Apr 14, 2020
Tracked Since Feb 18, 2026