vulnerability
Ubuntu: (Multiple Advisories) (CVE-2020-11740): Xen vulnerabilities
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 2 | (AV:L/AC:L/Au:N/C:P/I:N/A:N) | Apr 14, 2020 | Sep 20, 2022 | Mar 27, 2026 |
Severity
2
CVSS
(AV:L/AC:L/Au:N/C:P/I:N/A:N)
Published
Apr 14, 2020
Added
Sep 20, 2022
Modified
Mar 27, 2026
Description
An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.
Solutions
ubuntu-upgrade-libxendevicemodel1ubuntu-upgrade-libxenevtchn1ubuntu-upgrade-libxengnttab1ubuntu-upgrade-libxenmisc4-11ubuntu-upgrade-xen-hypervisor-4-11-amd64ubuntu-upgrade-xen-hypervisor-4-11-arm64ubuntu-upgrade-xen-hypervisor-4-11-armhfubuntu-upgrade-xen-utils-4-11ubuntu-upgrade-xen-utils-commonubuntu-upgrade-xenstore-utils
References
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.