Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-11741 (GCVE-0-2020-11741)
Vulnerability from cvelistv5 – Published: 2020-04-14 12:18 – Updated: 2024-08-04 11:41
VLAI
EPSS
Summary
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
9 references
| URL | Tags |
|---|---|
| https://xenbits.xen.org/xsa/advisory-313.html | x_refsource_MISC |
| http://xenbits.xen.org/xsa/advisory-313.html | x_refsource_CONFIRM |
| http://www.openwall.com/lists/oss-security/2020/04/14/1 | mailing-listx_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| http://lists.opensuse.org/opensuse-security-annou… | vendor-advisoryx_refsource_SUSE |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202005-08 | vendor-advisoryx_refsource_GENTOO |
| https://www.debian.org/security/2020/dsa-4723 | vendor-advisoryx_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:41:58.158Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://xenbits.xen.org/xsa/advisory-313.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://xenbits.xen.org/xsa/advisory-313.html"
},
{
"name": "[oss-security] 20200414 Xen Security Advisory 313 v3 (CVE-2020-11740,CVE-2020-11741) - multiple xenoprof issues",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/14/1"
},
{
"name": "FEDORA-2020-440457afe4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
},
{
"name": "FEDORA-2020-295ed0b1e0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
},
{
"name": "openSUSE-SU-2020:0599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
},
{
"name": "FEDORA-2020-cbc3149753",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
},
{
"name": "GLSA-202005-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202005-08"
},
{
"name": "DSA-4723",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2020/dsa-4723"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-13T15:06:06.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://xenbits.xen.org/xsa/advisory-313.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://xenbits.xen.org/xsa/advisory-313.html"
},
{
"name": "[oss-security] 20200414 Xen Security Advisory 313 v3 (CVE-2020-11740,CVE-2020-11741) - multiple xenoprof issues",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/14/1"
},
{
"name": "FEDORA-2020-440457afe4",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
},
{
"name": "FEDORA-2020-295ed0b1e0",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
},
{
"name": "openSUSE-SU-2020:0599",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
},
{
"name": "FEDORA-2020-cbc3149753",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
},
{
"name": "GLSA-202005-08",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202005-08"
},
{
"name": "DSA-4723",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2020/dsa-4723"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xen.org/xsa/advisory-313.html",
"refsource": "MISC",
"url": "https://xenbits.xen.org/xsa/advisory-313.html"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-313.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-313.html"
},
{
"name": "[oss-security] 20200414 Xen Security Advisory 313 v3 (CVE-2020-11740,CVE-2020-11741) - multiple xenoprof issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/04/14/1"
},
{
"name": "FEDORA-2020-440457afe4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
},
{
"name": "FEDORA-2020-295ed0b1e0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
},
{
"name": "openSUSE-SU-2020:0599",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
},
{
"name": "FEDORA-2020-cbc3149753",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
},
{
"name": "GLSA-202005-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-08"
},
{
"name": "DSA-4723",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4723"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-11741",
"datePublished": "2020-04-14T12:18:52.000Z",
"dateReserved": "2020-04-14T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:41:58.158Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-11741",
"date": "2026-05-27",
"epss": "0.00113",
"percentile": "0.29436"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.13.0\", \"matchCriteriaId\": \"3BD625DD-3C5E-4849-88A6-464AA7AC6F88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BEB8A75-3CF5-4DA3-9159-16675A47D842\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAC2A87A-73F2-4D40-8EDB-8373B938FC11\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \\\"active\\\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en xenoprof en Xen versiones hasta 4.13.x, que permit\\u00eda a usuarios invitados del Sistema Operativo (con perfiles activos) obtener informaci\\u00f3n confidencial sobre otros invitados, causar una denegaci\\u00f3n de servicio o posiblemente alcanzar privilegios. Para aquellos invitados a los que el administrador habilit\\u00f3 la creaci\\u00f3n de perfiles \\\"active\\\", el c\\u00f3digo xenoprof usa la estructura de anillo compartida de Xen est\\u00e1ndar. Desafortunadamente, este c\\u00f3digo no trat\\u00f3 al invitado como un adversario potencial: conf\\u00eda en que el invitado no modificar\\u00e1 la informaci\\u00f3n del tama\\u00f1o del b\\u00fafer ni modificar\\u00e1 los punteros de cabeza y cola de forma inesperada. Esto puede bloquear el host (DoS). La escalada de privilegios no puede ser descartada.\"}]",
"id": "CVE-2020-11741",
"lastModified": "2024-11-21T04:58:31.640",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.0, \"impactScore\": 6.0}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2020-04-14T13:15:12.843",
"references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2020/04/14/1\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-313.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202005-08\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4723\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-313.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2020/04/14/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-313.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202005-08\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2020/dsa-4723\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-313.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-909\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-11741\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-04-14T13:15:12.843\",\"lastModified\":\"2024-11-21T04:58:31.640\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \\\"active\\\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en xenoprof en Xen versiones hasta 4.13.x, que permit\u00eda a usuarios invitados del Sistema Operativo (con perfiles activos) obtener informaci\u00f3n confidencial sobre otros invitados, causar una denegaci\u00f3n de servicio o posiblemente alcanzar privilegios. Para aquellos invitados a los que el administrador habilit\u00f3 la creaci\u00f3n de perfiles \\\"active\\\", el c\u00f3digo xenoprof usa la estructura de anillo compartida de Xen est\u00e1ndar. Desafortunadamente, este c\u00f3digo no trat\u00f3 al invitado como un adversario potencial: conf\u00eda en que el invitado no modificar\u00e1 la informaci\u00f3n del tama\u00f1o del b\u00fafer ni modificar\u00e1 los punteros de cabeza y cola de forma inesperada. Esto puede bloquear el host (DoS). La escalada de privilegios no puede ser descartada.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.0,\"impactScore\":6.0}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-909\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.13.0\",\"matchCriteriaId\":\"3BD625DD-3C5E-4849-88A6-464AA7AC6F88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BEB8A75-3CF5-4DA3-9159-16675A47D842\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAC2A87A-73F2-4D40-8EDB-8373B938FC11\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"97A4B8DF-58DA-4AB6-A1F9-331B36409BA3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"80F0FA5D-8D3B-4C0E-81E2-87998286AF33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B620311B-34A3-48A6-82DF-6F078D7A4493\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/04/14/1\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-313.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202005-08\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4723\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xen.org/xsa/advisory-313.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/04/14/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-313.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202005-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2020/dsa-4723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://xenbits.xen.org/xsa/advisory-313.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]}]}}"
}
}
CERTFR-2020-AVI-205
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Xen. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Xen toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-11741",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11741"
},
{
"name": "CVE-2020-11742",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11742"
},
{
"name": "CVE-2020-11743",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11743"
},
{
"name": "CVE-2020-11739",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11739"
},
{
"name": "CVE-2020-11740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11740"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-205",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-314 du 14 avril 2020",
"url": "https://xenbits.xen.org/xsa/advisory-314.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-318 du 14 avril 2020",
"url": "https://xenbits.xen.org/xsa/advisory-318.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-313 du 14 avril 2020",
"url": "https://xenbits.xen.org/xsa/advisory-313.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-316 du 14 avril 2020",
"url": "https://xenbits.xen.org/xsa/advisory-316.html"
}
]
}
CERTFR-2020-AVI-213
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.1 LTSR CU2 sans le correctif de sécurité XS71ECU2037 | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor version 8.0 sans le correctif de sécurité XS80E010 | ||
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.0 sans le correctif de sécurité XS70E077 | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor version 8.1 sans le correctif de sécurité XS81E003 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Citrix XenServer version 7.1 LTSR CU2 sans le correctif de s\u00e9curit\u00e9 XS71ECU2037",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor version 8.0 sans le correctif de s\u00e9curit\u00e9 XS80E010",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer version 7.0 sans le correctif de s\u00e9curit\u00e9 XS70E077",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor version 8.1 sans le correctif de s\u00e9curit\u00e9 XS81E003",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-11741",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11741"
},
{
"name": "CVE-2020-11742",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11742"
},
{
"name": "CVE-2020-11743",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11743"
},
{
"name": "CVE-2020-11740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11740"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-213",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix Hypervisor.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix Hypervisor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX270837 du 14 avril 2020",
"url": "https://support.citrix.com/article/CTX270837"
}
]
}
CERTFR-2020-AVI-205
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Xen. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
References
| Title | Publication Time | Tags | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Xen toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
"product": {
"name": "Xen",
"vendor": {
"name": "XEN",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-11741",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11741"
},
{
"name": "CVE-2020-11742",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11742"
},
{
"name": "CVE-2020-11743",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11743"
},
{
"name": "CVE-2020-11739",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11739"
},
{
"name": "CVE-2020-11740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11740"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-205",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-14T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-314 du 14 avril 2020",
"url": "https://xenbits.xen.org/xsa/advisory-314.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-318 du 14 avril 2020",
"url": "https://xenbits.xen.org/xsa/advisory-318.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-313 du 14 avril 2020",
"url": "https://xenbits.xen.org/xsa/advisory-313.html"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-316 du 14 avril 2020",
"url": "https://xenbits.xen.org/xsa/advisory-316.html"
}
]
}
CERTFR-2020-AVI-213
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.1 LTSR CU2 sans le correctif de sécurité XS71ECU2037 | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor version 8.0 sans le correctif de sécurité XS80E010 | ||
| Citrix | Citrix Hypervisor | Citrix XenServer version 7.0 sans le correctif de sécurité XS70E077 | ||
| Citrix | Citrix Hypervisor | Citrix Hypervisor version 8.1 sans le correctif de sécurité XS81E003 |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "Citrix XenServer version 7.1 LTSR CU2 sans le correctif de s\u00e9curit\u00e9 XS71ECU2037",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor version 8.0 sans le correctif de s\u00e9curit\u00e9 XS80E010",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix XenServer version 7.0 sans le correctif de s\u00e9curit\u00e9 XS70E077",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
},
{
"description": "Citrix Hypervisor version 8.1 sans le correctif de s\u00e9curit\u00e9 XS81E003",
"product": {
"name": "Citrix Hypervisor",
"vendor": {
"name": "Citrix",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-11741",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11741"
},
{
"name": "CVE-2020-11742",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11742"
},
{
"name": "CVE-2020-11743",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11743"
},
{
"name": "CVE-2020-11740",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-11740"
}
],
"links": [],
"reference": "CERTFR-2020-AVI-213",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2020-04-15T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix Hypervisor.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix Hypervisor",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX270837 du 14 avril 2020",
"url": "https://support.citrix.com/article/CTX270837"
}
]
}
CNVD-2020-32853
Vulnerability from cnvd - Published: 2020-06-13
VLAI
Title
Xen存在未明漏洞(CNVD-2020-32853)
Description
Xen是一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。
Xen 4.13.x及之前版本中的xenoprof存在安全漏洞。攻击者可利用该漏洞获取敏感信息,导致拒绝服务或可能提升权限。
Severity
高
Patch Name
Xen存在未明漏洞(CNVD-2020-32853)的补丁
Patch Description
Xen是一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上,并支持在运行时进行迁移,保证正常运行并且避免宕机。
Xen 4.13.x及之前版本中的xenoprof存在安全漏洞。攻击者可利用该漏洞获取敏感信息,导致拒绝服务或可能提升权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://xenbits.xen.org/xsa/advisory-313.html
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-11741
Impacted products
| Name | Xen Xen <=4.13.* |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-11741"
}
},
"description": "Xen\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u80fd\u591f\u4f7f\u4e0d\u540c\u548c\u4e0d\u517c\u5bb9\u7684\u64cd\u4f5c\u7cfb\u7edf\u8fd0\u884c\u5728\u540c\u4e00\u53f0\u8ba1\u7b97\u673a\u4e0a\uff0c\u5e76\u652f\u6301\u5728\u8fd0\u884c\u65f6\u8fdb\u884c\u8fc1\u79fb\uff0c\u4fdd\u8bc1\u6b63\u5e38\u8fd0\u884c\u5e76\u4e14\u907f\u514d\u5b95\u673a\u3002 \n\nXen 4.13.x\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684xenoprof\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u53ef\u80fd\u63d0\u5347\u6743\u9650\u3002",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://xenbits.xen.org/xsa/advisory-313.html",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2020-32853",
"openTime": "2020-06-13",
"patchDescription": "Xen\u662f\u4e00\u6b3e\u5f00\u6e90\u7684\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u80fd\u591f\u4f7f\u4e0d\u540c\u548c\u4e0d\u517c\u5bb9\u7684\u64cd\u4f5c\u7cfb\u7edf\u8fd0\u884c\u5728\u540c\u4e00\u53f0\u8ba1\u7b97\u673a\u4e0a\uff0c\u5e76\u652f\u6301\u5728\u8fd0\u884c\u65f6\u8fdb\u884c\u8fc1\u79fb\uff0c\u4fdd\u8bc1\u6b63\u5e38\u8fd0\u884c\u5e76\u4e14\u907f\u514d\u5b95\u673a\u3002 \r\n\r\nXen 4.13.x\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u7684xenoprof\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u654f\u611f\u4fe1\u606f\uff0c\u5bfc\u81f4\u62d2\u7edd\u670d\u52a1\u6216\u53ef\u80fd\u63d0\u5347\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Xen\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2020-32853\uff09\u7684\u8865\u4e01",
"products": {
"product": "Xen Xen \u003c=4.13.*"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-11741",
"serverity": "\u9ad8",
"submitTime": "2020-04-15",
"title": "Xen\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\uff08CNVD-2020-32853\uff09"
}
FKIE_CVE-2020-11741
Vulnerability from fkie_nvd - Published: 2020-04-14 13:15 - Updated: 2024-11-21 04:58
Severity
Summary
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| xen | xen | * | |
| xen | xen | 4.13.0 | |
| xen | xen | 4.13.0 | |
| fedoraproject | fedora | 30 | |
| fedoraproject | fedora | 31 | |
| fedoraproject | fedora | 32 | |
| debian | debian_linux | 10.0 | |
| opensuse | leap | 15.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
"matchCriteriaId": "3BD625DD-3C5E-4849-88A6-464AA7AC6F88",
"versionEndIncluding": "4.13.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*",
"matchCriteriaId": "5BEB8A75-3CF5-4DA3-9159-16675A47D842",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*",
"matchCriteriaId": "DAC2A87A-73F2-4D40-8EDB-8373B938FC11",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"matchCriteriaId": "97A4B8DF-58DA-4AB6-A1F9-331B36409BA3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"matchCriteriaId": "80F0FA5D-8D3B-4C0E-81E2-87998286AF33",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out."
},
{
"lang": "es",
"value": "Se detect\u00f3 un problema en xenoprof en Xen versiones hasta 4.13.x, que permit\u00eda a usuarios invitados del Sistema Operativo (con perfiles activos) obtener informaci\u00f3n confidencial sobre otros invitados, causar una denegaci\u00f3n de servicio o posiblemente alcanzar privilegios. Para aquellos invitados a los que el administrador habilit\u00f3 la creaci\u00f3n de perfiles \"active\", el c\u00f3digo xenoprof usa la estructura de anillo compartida de Xen est\u00e1ndar. Desafortunadamente, este c\u00f3digo no trat\u00f3 al invitado como un adversario potencial: conf\u00eda en que el invitado no modificar\u00e1 la informaci\u00f3n del tama\u00f1o del b\u00fafer ni modificar\u00e1 los punteros de cabeza y cola de forma inesperada. Esto puede bloquear el host (DoS). La escalada de privilegios no puede ser descartada."
}
],
"id": "CVE-2020-11741",
"lastModified": "2024-11-21T04:58:31.640",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2020-04-14T13:15:12.843",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/14/1"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-313.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202005-08"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4723"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xen.org/xsa/advisory-313.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/14/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-313.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202005-08"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4723"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xen.org/xsa/advisory-313.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-909"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-XQC2-QQQ8-XFJ5
Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14
VLAI
Details
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.
Severity
8.8 (High)
{
"affected": [],
"aliases": [
"CVE-2020-11741"
],
"database_specific": {
"cwe_ids": [
"CWE-862",
"CWE-909"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2020-04-14T13:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.",
"id": "GHSA-xqc2-qqq8-xfj5",
"modified": "2022-05-24T17:14:11Z",
"published": "2022-05-24T17:14:11Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11741"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202005-08"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2020/dsa-4723"
},
{
"type": "WEB",
"url": "https://xenbits.xen.org/xsa/advisory-313.html"
},
{
"type": "WEB",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2020/04/14/1"
},
{
"type": "WEB",
"url": "http://xenbits.xen.org/xsa/advisory-313.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2020-11741
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-11741",
"description": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.",
"id": "GSD-2020-11741",
"references": [
"https://www.suse.com/security/cve/CVE-2020-11741.html",
"https://www.debian.org/security/2020/dsa-4723",
"https://ubuntu.com/security/CVE-2020-11741"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-11741"
],
"details": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.",
"id": "GSD-2020-11741",
"modified": "2023-12-13T01:22:08.391422Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11741",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xen.org/xsa/advisory-313.html",
"refsource": "MISC",
"url": "https://xenbits.xen.org/xsa/advisory-313.html"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-313.html",
"refsource": "CONFIRM",
"url": "http://xenbits.xen.org/xsa/advisory-313.html"
},
{
"name": "[oss-security] 20200414 Xen Security Advisory 313 v3 (CVE-2020-11740,CVE-2020-11741) - multiple xenoprof issues",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2020/04/14/1"
},
{
"name": "FEDORA-2020-440457afe4",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
},
{
"name": "FEDORA-2020-295ed0b1e0",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
},
{
"name": "openSUSE-SU-2020:0599",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
},
{
"name": "FEDORA-2020-cbc3149753",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
},
{
"name": "GLSA-202005-08",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202005-08"
},
{
"name": "DSA-4723",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2020/dsa-4723"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.13.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-11741"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-909"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://xenbits.xen.org/xsa/advisory-313.html",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://xenbits.xen.org/xsa/advisory-313.html"
},
{
"name": "http://xenbits.xen.org/xsa/advisory-313.html",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://xenbits.xen.org/xsa/advisory-313.html"
},
{
"name": "[oss-security] 20200414 Xen Security Advisory 313 v3 (CVE-2020-11740,CVE-2020-11741) - multiple xenoprof issues",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2020/04/14/1"
},
{
"name": "FEDORA-2020-440457afe4",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
},
{
"name": "FEDORA-2020-295ed0b1e0",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
},
{
"name": "openSUSE-SU-2020:0599",
"refsource": "SUSE",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
},
{
"name": "FEDORA-2020-cbc3149753",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
},
{
"name": "GLSA-202005-08",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202005-08"
},
{
"name": "DSA-4723",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2020/dsa-4723"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.0,
"impactScore": 6.0
}
},
"lastModifiedDate": "2022-05-03T14:06Z",
"publishedDate": "2020-04-14T13:15Z"
}
}
}
OPENSUSE-SU-2020:0599-1
Vulnerability from csaf_opensuse - Published: 2020-05-01 18:28 - Updated: 2020-05-01 18:28Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
Security issues fixed:
- CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392).
- CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140).
- CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142).
- CVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143).
- arm: a CPU may speculate past the ERET instruction (bsc#1160932).
Non-security issues fixed:
- Xenstored Crashed during VM install (bsc#1167152)
- DomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206, bsc#1134506)
- Update API compatibility versions, fixes issues for libvirt. (bsc#1167007, bsc#1157490)
- aacraid blocks xen commands (bsc#1155200)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames: openSUSE-2020-599
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
34 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392).\n- CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140).\n- CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142).\n- CVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143).\n- arm: a CPU may speculate past the ERET instruction (bsc#1160932).\n\nNon-security issues fixed:\n\n- Xenstored Crashed during VM install (bsc#1167152)\n- DomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206, bsc#1134506)\n- Update API compatibility versions, fixes issues for libvirt. (bsc#1167007, bsc#1157490)\n- aacraid blocks xen commands (bsc#1155200)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2020-599",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0599-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2020:0599-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UOGIHSVHR5GUF43UV76QYSDRKANB2S5G/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2020:0599-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UOGIHSVHR5GUF43UV76QYSDRKANB2S5G/"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1134506",
"url": "https://bugzilla.suse.com/1134506"
},
{
"category": "self",
"summary": "SUSE Bug 1155200",
"url": "https://bugzilla.suse.com/1155200"
},
{
"category": "self",
"summary": "SUSE Bug 1157490",
"url": "https://bugzilla.suse.com/1157490"
},
{
"category": "self",
"summary": "SUSE Bug 1160932",
"url": "https://bugzilla.suse.com/1160932"
},
{
"category": "self",
"summary": "SUSE Bug 1165206",
"url": "https://bugzilla.suse.com/1165206"
},
{
"category": "self",
"summary": "SUSE Bug 1167007",
"url": "https://bugzilla.suse.com/1167007"
},
{
"category": "self",
"summary": "SUSE Bug 1167152",
"url": "https://bugzilla.suse.com/1167152"
},
{
"category": "self",
"summary": "SUSE Bug 1168140",
"url": "https://bugzilla.suse.com/1168140"
},
{
"category": "self",
"summary": "SUSE Bug 1168142",
"url": "https://bugzilla.suse.com/1168142"
},
{
"category": "self",
"summary": "SUSE Bug 1168143",
"url": "https://bugzilla.suse.com/1168143"
},
{
"category": "self",
"summary": "SUSE Bug 1169392",
"url": "https://bugzilla.suse.com/1169392"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11739 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11740 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11741 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11742 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11743 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11743/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2020-05-01T18:28:33Z",
"generator": {
"date": "2020-05-01T18:28:33Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2020:0599-1",
"initial_release_date": "2020-05-01T18:28:33Z",
"revision_history": [
{
"date": "2020-05-01T18:28:33Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.2_04-lp151.2.15.1.i586",
"product": {
"name": "xen-devel-4.12.2_04-lp151.2.15.1.i586",
"product_id": "xen-devel-4.12.2_04-lp151.2.15.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.2_04-lp151.2.15.1.i586",
"product": {
"name": "xen-libs-4.12.2_04-lp151.2.15.1.i586",
"product_id": "xen-libs-4.12.2_04-lp151.2.15.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"product": {
"name": "xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"product_id": "xen-tools-domU-4.12.2_04-lp151.2.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.2_04-lp151.2.15.1.x86_64",
"product": {
"name": "xen-4.12.2_04-lp151.2.15.1.x86_64",
"product_id": "xen-4.12.2_04-lp151.2.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"product": {
"name": "xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"product_id": "xen-devel-4.12.2_04-lp151.2.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"product_id": "xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"product": {
"name": "xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"product_id": "xen-libs-4.12.2_04-lp151.2.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"product_id": "xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"product": {
"name": "xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"product_id": "xen-tools-4.12.2_04-lp151.2.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64",
"product_id": "xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.1",
"product": {
"name": "openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.2_04-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64"
},
"product_reference": "xen-4.12.2_04-lp151.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.2_04-lp151.2.15.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586"
},
"product_reference": "xen-devel-4.12.2_04-lp151.2.15.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.2_04-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64"
},
"product_reference": "xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64"
},
"product_reference": "xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.2_04-lp151.2.15.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586"
},
"product_reference": "xen-libs-4.12.2_04-lp151.2.15.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.2_04-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64"
},
"product_reference": "xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64"
},
"product_reference": "xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.2_04-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64"
},
"product_reference": "xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.2_04-lp151.2.15.1.i586 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586"
},
"product_reference": "xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
"product_id": "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11739"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don\u0027t contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the \"critical\" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11739",
"url": "https://www.suse.com/security/cve/CVE-2020-11739"
},
{
"category": "external",
"summary": "SUSE Bug 1168142 for CVE-2020-11739",
"url": "https://bugzilla.suse.com/1168142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-05-01T18:28:33Z",
"details": "important"
}
],
"title": "CVE-2020-11739"
},
{
"cve": "CVE-2020-11740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11740"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11740",
"url": "https://www.suse.com/security/cve/CVE-2020-11740"
},
{
"category": "external",
"summary": "SUSE Bug 1168140 for CVE-2020-11740",
"url": "https://bugzilla.suse.com/1168140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-11740",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-05-01T18:28:33Z",
"details": "important"
}
],
"title": "CVE-2020-11740"
},
{
"cve": "CVE-2020-11741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11741"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11741",
"url": "https://www.suse.com/security/cve/CVE-2020-11741"
},
{
"category": "external",
"summary": "SUSE Bug 1168140 for CVE-2020-11741",
"url": "https://bugzilla.suse.com/1168140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-11741",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-05-01T18:28:33Z",
"details": "important"
}
],
"title": "CVE-2020-11741"
},
{
"cve": "CVE-2020-11742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11742"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11742",
"url": "https://www.suse.com/security/cve/CVE-2020-11742"
},
{
"category": "external",
"summary": "SUSE Bug 1169392 for CVE-2020-11742",
"url": "https://bugzilla.suse.com/1169392"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-11742",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-05-01T18:28:33Z",
"details": "moderate"
}
],
"title": "CVE-2020-11742"
},
{
"cve": "CVE-2020-11743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11743"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11743",
"url": "https://www.suse.com/security/cve/CVE-2020-11743"
},
{
"category": "external",
"summary": "SUSE Bug 1168143 for CVE-2020-11743",
"url": "https://bugzilla.suse.com/1168143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
"openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-05-01T18:28:33Z",
"details": "moderate"
}
],
"title": "CVE-2020-11743"
}
]
}
SUSE-SU-2020:1124-1
Vulnerability from csaf_suse - Published: 2020-04-28 05:49 - Updated: 2020-04-28 05:49Summary
Security update for xen
Severity
Important
Notes
Title of the patch: Security update for xen
Description of the patch: This update for xen fixes the following issues:
Security issues fixed:
- CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392).
- CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140).
- CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142).
- CVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143).
- arm: a CPU may speculate past the ERET instruction (bsc#1160932).
Non-security issues fixed:
- Xenstored Crashed during VM install (bsc#1167152)
- DomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206, bsc#1134506)
- Update API compatibility versions, fixes issues for libvirt. (bsc#1167007, bsc#1157490)
- aacraid blocks xen commands (bsc#1155200)
Patchnames: SUSE-2020-1124,SUSE-SLE-Module-Basesystem-15-SP1-2020-1124,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1124,SUSE-SLE-Module-Server-Applications-15-SP1-2020-1124
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
7.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.8 (High)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
4.3 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
5.5 (Medium)
Affected products
Recommended
5 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
34 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for xen",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for xen fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392).\n- CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140).\n- CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142).\n- CVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143).\n- arm: a CPU may speculate past the ERET instruction (bsc#1160932).\n\nNon-security issues fixed:\n\n- Xenstored Crashed during VM install (bsc#1167152)\n- DomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206, bsc#1134506)\n- Update API compatibility versions, fixes issues for libvirt. (bsc#1167007, bsc#1157490)\n- aacraid blocks xen commands (bsc#1155200)\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2020-1124,SUSE-SLE-Module-Basesystem-15-SP1-2020-1124,SUSE-SLE-Module-Development-Tools-OBS-15-SP1-2020-1124,SUSE-SLE-Module-Server-Applications-15-SP1-2020-1124",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2020_1124-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2020:1124-1",
"url": "https://www.suse.com/support/update/announcement/2020/suse-su-20201124-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2020:1124-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2020-April/006746.html"
},
{
"category": "self",
"summary": "SUSE Bug 1027519",
"url": "https://bugzilla.suse.com/1027519"
},
{
"category": "self",
"summary": "SUSE Bug 1134506",
"url": "https://bugzilla.suse.com/1134506"
},
{
"category": "self",
"summary": "SUSE Bug 1155200",
"url": "https://bugzilla.suse.com/1155200"
},
{
"category": "self",
"summary": "SUSE Bug 1157490",
"url": "https://bugzilla.suse.com/1157490"
},
{
"category": "self",
"summary": "SUSE Bug 1160932",
"url": "https://bugzilla.suse.com/1160932"
},
{
"category": "self",
"summary": "SUSE Bug 1165206",
"url": "https://bugzilla.suse.com/1165206"
},
{
"category": "self",
"summary": "SUSE Bug 1167007",
"url": "https://bugzilla.suse.com/1167007"
},
{
"category": "self",
"summary": "SUSE Bug 1167152",
"url": "https://bugzilla.suse.com/1167152"
},
{
"category": "self",
"summary": "SUSE Bug 1168140",
"url": "https://bugzilla.suse.com/1168140"
},
{
"category": "self",
"summary": "SUSE Bug 1168142",
"url": "https://bugzilla.suse.com/1168142"
},
{
"category": "self",
"summary": "SUSE Bug 1168143",
"url": "https://bugzilla.suse.com/1168143"
},
{
"category": "self",
"summary": "SUSE Bug 1169392",
"url": "https://bugzilla.suse.com/1169392"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11739 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11739/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11740 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11740/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11741 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11741/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11742 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11742/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-11743 page",
"url": "https://www.suse.com/security/cve/CVE-2020-11743/"
}
],
"title": "Security update for xen",
"tracking": {
"current_release_date": "2020-04-28T05:49:29Z",
"generator": {
"date": "2020-04-28T05:49:29Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2020:1124-1",
"initial_release_date": "2020-04-28T05:49:29Z",
"revision_history": [
{
"date": "2020-04-28T05:49:29Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.2_04-3.15.1.aarch64",
"product": {
"name": "xen-4.12.2_04-3.15.1.aarch64",
"product_id": "xen-4.12.2_04-3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.2_04-3.15.1.aarch64",
"product": {
"name": "xen-devel-4.12.2_04-3.15.1.aarch64",
"product_id": "xen-devel-4.12.2_04-3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.2_04-3.15.1.aarch64",
"product": {
"name": "xen-doc-html-4.12.2_04-3.15.1.aarch64",
"product_id": "xen-doc-html-4.12.2_04-3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.2_04-3.15.1.aarch64",
"product": {
"name": "xen-libs-4.12.2_04-3.15.1.aarch64",
"product_id": "xen-libs-4.12.2_04-3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.2_04-3.15.1.aarch64",
"product": {
"name": "xen-tools-4.12.2_04-3.15.1.aarch64",
"product_id": "xen-tools-4.12.2_04-3.15.1.aarch64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.2_04-3.15.1.aarch64",
"product": {
"name": "xen-tools-domU-4.12.2_04-3.15.1.aarch64",
"product_id": "xen-tools-domU-4.12.2_04-3.15.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-libs-64bit-4.12.2_04-3.15.1.aarch64_ilp32",
"product": {
"name": "xen-libs-64bit-4.12.2_04-3.15.1.aarch64_ilp32",
"product_id": "xen-libs-64bit-4.12.2_04-3.15.1.aarch64_ilp32"
}
}
],
"category": "architecture",
"name": "aarch64_ilp32"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-devel-4.12.2_04-3.15.1.i586",
"product": {
"name": "xen-devel-4.12.2_04-3.15.1.i586",
"product_id": "xen-devel-4.12.2_04-3.15.1.i586"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.2_04-3.15.1.i586",
"product": {
"name": "xen-libs-4.12.2_04-3.15.1.i586",
"product_id": "xen-libs-4.12.2_04-3.15.1.i586"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.2_04-3.15.1.i586",
"product": {
"name": "xen-tools-domU-4.12.2_04-3.15.1.i586",
"product_id": "xen-tools-domU-4.12.2_04-3.15.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "xen-4.12.2_04-3.15.1.x86_64",
"product": {
"name": "xen-4.12.2_04-3.15.1.x86_64",
"product_id": "xen-4.12.2_04-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-devel-4.12.2_04-3.15.1.x86_64",
"product": {
"name": "xen-devel-4.12.2_04-3.15.1.x86_64",
"product_id": "xen-devel-4.12.2_04-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-doc-html-4.12.2_04-3.15.1.x86_64",
"product": {
"name": "xen-doc-html-4.12.2_04-3.15.1.x86_64",
"product_id": "xen-doc-html-4.12.2_04-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-4.12.2_04-3.15.1.x86_64",
"product": {
"name": "xen-libs-4.12.2_04-3.15.1.x86_64",
"product_id": "xen-libs-4.12.2_04-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-libs-32bit-4.12.2_04-3.15.1.x86_64",
"product": {
"name": "xen-libs-32bit-4.12.2_04-3.15.1.x86_64",
"product_id": "xen-libs-32bit-4.12.2_04-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-4.12.2_04-3.15.1.x86_64",
"product": {
"name": "xen-tools-4.12.2_04-3.15.1.x86_64",
"product_id": "xen-tools-4.12.2_04-3.15.1.x86_64"
}
},
{
"category": "product_version",
"name": "xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"product": {
"name": "xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"product_id": "xen-tools-domU-4.12.2_04-3.15.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-basesystem:15:sp1"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product": {
"name": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-server-applications:15:sp1"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-libs-4.12.2_04-3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64"
},
"product_reference": "xen-libs-4.12.2_04-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-domU-4.12.2_04-3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Basesystem 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64"
},
"product_reference": "xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Basesystem 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-4.12.2_04-3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64"
},
"product_reference": "xen-4.12.2_04-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-devel-4.12.2_04-3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64"
},
"product_reference": "xen-devel-4.12.2_04-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "xen-tools-4.12.2_04-3.15.1.x86_64 as component of SUSE Linux Enterprise Module for Server Applications 15 SP1",
"product_id": "SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
},
"product_reference": "xen-tools-4.12.2_04-3.15.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Server Applications 15 SP1"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-11739",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11739"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don\u0027t contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the \"critical\" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11739",
"url": "https://www.suse.com/security/cve/CVE-2020-11739"
},
{
"category": "external",
"summary": "SUSE Bug 1168142 for CVE-2020-11739",
"url": "https://bugzilla.suse.com/1168142"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 7.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-28T05:49:29Z",
"details": "important"
}
],
"title": "CVE-2020-11739"
},
{
"cve": "CVE-2020-11740",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11740"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11740",
"url": "https://www.suse.com/security/cve/CVE-2020-11740"
},
{
"category": "external",
"summary": "SUSE Bug 1168140 for CVE-2020-11740",
"url": "https://bugzilla.suse.com/1168140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-11740",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-28T05:49:29Z",
"details": "important"
}
],
"title": "CVE-2020-11740"
},
{
"cve": "CVE-2020-11741",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11741"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11741",
"url": "https://www.suse.com/security/cve/CVE-2020-11741"
},
{
"category": "external",
"summary": "SUSE Bug 1168140 for CVE-2020-11741",
"url": "https://bugzilla.suse.com/1168140"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-11741",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.8,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-28T05:49:29Z",
"details": "important"
}
],
"title": "CVE-2020-11741"
},
{
"cve": "CVE-2020-11742",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11742"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11742",
"url": "https://www.suse.com/security/cve/CVE-2020-11742"
},
{
"category": "external",
"summary": "SUSE Bug 1169392 for CVE-2020-11742",
"url": "https://bugzilla.suse.com/1169392"
},
{
"category": "external",
"summary": "SUSE Bug 1178658 for CVE-2020-11742",
"url": "https://bugzilla.suse.com/1178658"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-28T05:49:29Z",
"details": "moderate"
}
],
"title": "CVE-2020-11742"
},
{
"cve": "CVE-2020-11743",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-11743"
}
],
"notes": [
{
"category": "general",
"text": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-11743",
"url": "https://www.suse.com/security/cve/CVE-2020-11743"
},
{
"category": "external",
"summary": "SUSE Bug 1168143 for CVE-2020-11743",
"url": "https://bugzilla.suse.com/1168143"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-libs-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Basesystem 15 SP1:xen-tools-domU-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-devel-4.12.2_04-3.15.1.x86_64",
"SUSE Linux Enterprise Module for Server Applications 15 SP1:xen-tools-4.12.2_04-3.15.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2020-04-28T05:49:29Z",
"details": "moderate"
}
],
"title": "CVE-2020-11743"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…