FortiClient VulnerabilityFedora xen CVE-2020-11741 Missing Initialization of Resource Vulnerability
Description
A flaw was found in Xenoprof in the Xen virtual machine through version 4.13.x, where it allows guest OS users, with active profiling, to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests with active profiling enabled by the administrator, the Xenoprof code uses the standard Xen shared ring structure. With this flaw, the code does not treat the guest as a potential attacker, and it trusts the guest not to modify the buffer size information and not modify the head/tail pointers in unexpected ways, which can lead to a denial of service or escalation of privileges.
Affected Applications
xen
CVE References
CVE-2020-11741Other References
https://bugzilla.redhat.com/show_bug.cgi?id=1823913| ID | 63590 |
| Created | Apr 25, 2020 |
| Description Updated |
Jan 24, 2024 |
| Risk |
|
| Coverage | FortiClient |
| OS | Linux |
| Vendor | Fedora |
| Patch | auto |
| Application | xen |