vulnerability
Ubuntu: (Multiple Advisories) (CVE-2020-11740): Xen vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | Apr 14, 2020 | Sep 20, 2022 | Oct 23, 2024 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
Apr 14, 2020
Added
Sep 20, 2022
Modified
Oct 23, 2024
Description
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.
Solution(s)
ubuntu-upgrade-libxendevicemodel1ubuntu-upgrade-libxenevtchn1ubuntu-upgrade-libxengnttab1ubuntu-upgrade-libxenmisc4-11ubuntu-upgrade-xen-hypervisor-4-11-amd64ubuntu-upgrade-xen-hypervisor-4-11-arm64ubuntu-upgrade-xen-hypervisor-4-11-armhfubuntu-upgrade-xen-utils-4-11ubuntu-upgrade-xen-utils-commonubuntu-upgrade-xenstore-utils
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.