{
  "threat_severity" : "Moderate",
  "public_date" : "2020-04-14T00:00:00Z",
  "bugzilla" : {
    "description" : "xen: xenoprof issue allows guest OS users without active profiling to obtain sensitive information about other guests (XSA-313)",
    "id" : "1823911",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1823911"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
    "status" : "draft"
  },
  "cwe" : "CWE-862",
  "details" : [ "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.", "A flaw was found in xenoprof in Xen through versions 4.13.x. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests to obtain sensitive information about other guests. The highest threat from this vulnerability is to data confidentiality." ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "kernel-xen",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-11740\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-11740" ],
  "name" : "CVE-2020-11740",
  "csaw" : false
}