Vulnerability-Lookup

CVE-2020-11743 (GCVE-0-2020-11743)

Vulnerability from cvelistv5 – Published: 2020-04-14 12:20 – Updated: 2024-08-04 11:41

Summary

An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

9 references

URL	Tags
https://xenbits.xen.org/xsa/advisory-316.html	x_refsource_MISC
http://xenbits.xen.org/xsa/advisory-316.html	x_refsource_CONFIRM
http://www.openwall.com/lists/oss-security/2020/04/14/3	mailing-listx_refsource_MLIST
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
https://security.gentoo.org/glsa/202005-08	vendor-advisoryx_refsource_GENTOO
https://www.debian.org/security/2020/dsa-4723	vendor-advisoryx_refsource_DEBIAN

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:41:58.976Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://xenbits.xen.org/xsa/advisory-316.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://xenbits.xen.org/xsa/advisory-316.html"
          },
          {
            "name": "[oss-security] 20200414 Xen Security Advisory 316 v3 (CVE-2020-11743) - Bad error path in GNTTABOP_map_grant",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2020/04/14/3"
          },
          {
            "name": "FEDORA-2020-440457afe4",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
          },
          {
            "name": "FEDORA-2020-295ed0b1e0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
          },
          {
            "name": "openSUSE-SU-2020:0599",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
          },
          {
            "name": "FEDORA-2020-cbc3149753",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
          },
          {
            "name": "GLSA-202005-08",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202005-08"
          },
          {
            "name": "DSA-4723",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2020/dsa-4723"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-13T15:06:08.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://xenbits.xen.org/xsa/advisory-316.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://xenbits.xen.org/xsa/advisory-316.html"
        },
        {
          "name": "[oss-security] 20200414 Xen Security Advisory 316 v3 (CVE-2020-11743) - Bad error path in GNTTABOP_map_grant",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2020/04/14/3"
        },
        {
          "name": "FEDORA-2020-440457afe4",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
        },
        {
          "name": "FEDORA-2020-295ed0b1e0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
        },
        {
          "name": "openSUSE-SU-2020:0599",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
        },
        {
          "name": "FEDORA-2020-cbc3149753",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
        },
        {
          "name": "GLSA-202005-08",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202005-08"
        },
        {
          "name": "DSA-4723",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2020/dsa-4723"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11743",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://xenbits.xen.org/xsa/advisory-316.html",
              "refsource": "MISC",
              "url": "https://xenbits.xen.org/xsa/advisory-316.html"
            },
            {
              "name": "http://xenbits.xen.org/xsa/advisory-316.html",
              "refsource": "CONFIRM",
              "url": "http://xenbits.xen.org/xsa/advisory-316.html"
            },
            {
              "name": "[oss-security] 20200414 Xen Security Advisory 316 v3 (CVE-2020-11743) - Bad error path in GNTTABOP_map_grant",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2020/04/14/3"
            },
            {
              "name": "FEDORA-2020-440457afe4",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
            },
            {
              "name": "FEDORA-2020-295ed0b1e0",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
            },
            {
              "name": "openSUSE-SU-2020:0599",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
            },
            {
              "name": "FEDORA-2020-cbc3149753",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
            },
            {
              "name": "GLSA-202005-08",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202005-08"
            },
            {
              "name": "DSA-4723",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2020/dsa-4723"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-11743",
    "datePublished": "2020-04-14T12:20:24.000Z",
    "dateReserved": "2020-04-14T00:00:00.000Z",
    "dateUpdated": "2024-08-04T11:41:58.976Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2020-11743",
      "date": "2026-05-19",
      "epss": "0.00094",
      "percentile": "0.26033"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"4.13.0\", \"matchCriteriaId\": \"3BD625DD-3C5E-4849-88A6-464AA7AC6F88\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*\", \"matchCriteriaId\": \"5BEB8A75-3CF5-4DA3-9159-16675A47D842\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*\", \"matchCriteriaId\": \"DAC2A87A-73F2-4D40-8EDB-8373B938FC11\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.\"}, {\"lang\": \"es\", \"value\": \"Se detect\\u00f3 un problema en Xen versiones hasta 4.13.x, permitiendo a usuarios invitados del Sistema Operativo causar una denegaci\\u00f3n de servicio debido a una ruta de error incorrecta en GNTTABOP_map_grant. Es esperado que las operaciones de la tabla de concesiones devuelvan 0 para el \\u00e9xito y un n\\u00famero negativo para los errores. Algunos corchetes mal colocados causan que una ruta de error devuelva 1 en lugar de un valor negativo. El c\\u00f3digo de la tabla de concesi\\u00f3n en Linux trata esta condici\\u00f3n como exitosa y contin\\u00faa incorrectamente con un estado inicializado. Un invitado con errores o malicioso puede construir su tabla de concesi\\u00f3n de tal manera que, cuando un dominio del backend intente asignar una concesi\\u00f3n, llegue a la ruta de error incorrecta. Esto bloquear\\u00e1 un dom0 o un dominio del backend basado en Linux.\"}]",
      "id": "CVE-2020-11743",
      "lastModified": "2024-11-21T04:58:31.960",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:N/I:N/A:P\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2020-04-14T13:15:12.970",
      "references": "[{\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2020/04/14/3\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-316.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://security.gentoo.org/glsa/202005-08\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4723\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-316.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2020/04/14/3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"http://xenbits.xen.org/xsa/advisory-316.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202005-08\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.debian.org/security/2020/dsa-4723\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://xenbits.xen.org/xsa/advisory-316.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-755\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2020-11743\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2020-04-14T13:15:12.970\",\"lastModified\":\"2024-11-21T04:58:31.960\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.\"},{\"lang\":\"es\",\"value\":\"Se detect\u00f3 un problema en Xen versiones hasta 4.13.x, permitiendo a usuarios invitados del Sistema Operativo causar una denegaci\u00f3n de servicio debido a una ruta de error incorrecta en GNTTABOP_map_grant. Es esperado que las operaciones de la tabla de concesiones devuelvan 0 para el \u00e9xito y un n\u00famero negativo para los errores. Algunos corchetes mal colocados causan que una ruta de error devuelva 1 en lugar de un valor negativo. El c\u00f3digo de la tabla de concesi\u00f3n en Linux trata esta condici\u00f3n como exitosa y contin\u00faa incorrectamente con un estado inicializado. Un invitado con errores o malicioso puede construir su tabla de concesi\u00f3n de tal manera que, cuando un dominio del backend intente asignar una concesi\u00f3n, llegue a la ruta de error incorrecta. Esto bloquear\u00e1 un dom0 o un dominio del backend basado en Linux.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:N/I:N/A:P\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-755\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"4.13.0\",\"matchCriteriaId\":\"3BD625DD-3C5E-4849-88A6-464AA7AC6F88\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"5BEB8A75-3CF5-4DA3-9159-16675A47D842\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"DAC2A87A-73F2-4D40-8EDB-8373B938FC11\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"}]}]}],\"references\":[{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/04/14/3\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-316.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://security.gentoo.org/glsa/202005-08\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4723\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://xenbits.xen.org/xsa/advisory-316.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2020/04/14/3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://xenbits.xen.org/xsa/advisory-316.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202005-08\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.debian.org/security/2020/dsa-4723\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://xenbits.xen.org/xsa/advisory-316.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}"
  }
}

CERTFR-2020-AVI-205

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Xen. Certaines d'entre elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	XEN	Xen	Xen toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Xen XSA-314 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Xen XSA-318 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Xen XSA-313 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Xen XSA-316 du 14 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Xen toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Xen",
        "vendor": {
          "name": "XEN",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-11741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11741"
    },
    {
      "name": "CVE-2020-11742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11742"
    },
    {
      "name": "CVE-2020-11743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11743"
    },
    {
      "name": "CVE-2020-11739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11739"
    },
    {
      "name": "CVE-2020-11740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11740"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-205",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-314 du 14 avril 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-314.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-318 du 14 avril 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-318.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-313 du 14 avril 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-313.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-316 du 14 avril 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-316.html"
    }
  ]
}

CERTFR-2020-AVI-213

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans Citrix Hypervisor. Elles permettent à un attaquant de provoquer un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	Citrix Hypervisor	Citrix XenServer version 7.1 LTSR CU2 sans le correctif de sécurité XS71ECU2037
Citrix	Citrix Hypervisor	Citrix Hypervisor version 8.0 sans le correctif de sécurité XS80E010
Citrix	Citrix Hypervisor	Citrix XenServer version 7.0 sans le correctif de sécurité XS70E077
Citrix	Citrix Hypervisor	Citrix Hypervisor version 8.1 sans le correctif de sécurité XS81E003

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX270837 du 14 avril 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix XenServer version 7.1 LTSR CU2 sans le correctif de s\u00e9curit\u00e9 XS71ECU2037",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Hypervisor version 8.0 sans le correctif de s\u00e9curit\u00e9 XS80E010",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 7.0 sans le correctif de s\u00e9curit\u00e9 XS70E077",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Hypervisor version 8.1 sans le correctif de s\u00e9curit\u00e9 XS81E003",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-11741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11741"
    },
    {
      "name": "CVE-2020-11742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11742"
    },
    {
      "name": "CVE-2020-11743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11743"
    },
    {
      "name": "CVE-2020-11740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11740"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-213",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix Hypervisor.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix Hypervisor",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX270837 du 14 avril 2020",
      "url": "https://support.citrix.com/article/CTX270837"
    }
  ]
}

CERTFR-2020-AVI-205

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	XEN	Xen	Xen toutes versions sans le dernier correctif de sécurité

References

Title

Publication Time

Tags

Bulletin de sécurité Xen XSA-314 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Xen XSA-318 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Xen XSA-313 du 14 avril 2020	None	vendor-advisory
Bulletin de sécurité Xen XSA-316 du 14 avril 2020	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Xen toutes versions sans le dernier correctif de s\u00e9curit\u00e9",
      "product": {
        "name": "Xen",
        "vendor": {
          "name": "XEN",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-11741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11741"
    },
    {
      "name": "CVE-2020-11742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11742"
    },
    {
      "name": "CVE-2020-11743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11743"
    },
    {
      "name": "CVE-2020-11739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11739"
    },
    {
      "name": "CVE-2020-11740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11740"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-205",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Xen. Certaines\nd\u0027entre elles permettent \u00e0 un attaquant de provoquer un probl\u00e8me de\ns\u00e9curit\u00e9 non sp\u00e9cifi\u00e9 par l\u0027\u00e9diteur, un d\u00e9ni de service \u00e0 distance et\nune atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Xen",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-314 du 14 avril 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-314.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-318 du 14 avril 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-318.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-313 du 14 avril 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-313.html"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Xen XSA-316 du 14 avril 2020",
      "url": "https://xenbits.xen.org/xsa/advisory-316.html"
    }
  ]
}

CERTFR-2020-AVI-213

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Citrix	Citrix Hypervisor	Citrix XenServer version 7.1 LTSR CU2 sans le correctif de sécurité XS71ECU2037
Citrix	Citrix Hypervisor	Citrix Hypervisor version 8.0 sans le correctif de sécurité XS80E010
Citrix	Citrix Hypervisor	Citrix XenServer version 7.0 sans le correctif de sécurité XS70E077
Citrix	Citrix Hypervisor	Citrix Hypervisor version 8.1 sans le correctif de sécurité XS81E003

References

Title

Publication Time

Tags

Bulletin de sécurité Citrix CTX270837 du 14 avril 2020

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Citrix XenServer version 7.1 LTSR CU2 sans le correctif de s\u00e9curit\u00e9 XS71ECU2037",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Hypervisor version 8.0 sans le correctif de s\u00e9curit\u00e9 XS80E010",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix XenServer version 7.0 sans le correctif de s\u00e9curit\u00e9 XS70E077",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    },
    {
      "description": "Citrix Hypervisor version 8.1 sans le correctif de s\u00e9curit\u00e9 XS81E003",
      "product": {
        "name": "Citrix Hypervisor",
        "vendor": {
          "name": "Citrix",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2020-11741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11741"
    },
    {
      "name": "CVE-2020-11742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11742"
    },
    {
      "name": "CVE-2020-11743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11743"
    },
    {
      "name": "CVE-2020-11740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-11740"
    }
  ],
  "links": [],
  "reference": "CERTFR-2020-AVI-213",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2020-04-15T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Citrix Hypervisor.\nElles permettent \u00e0 un attaquant de provoquer un d\u00e9ni de service \u00e0\ndistance et une atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Citrix Hypervisor",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Citrix CTX270837 du 14 avril 2020",
      "url": "https://support.citrix.com/article/CTX270837"
    }
  ]
}

BDU:2021-02709

Vulnerability from fstec - Published: 14.04.2020

Title

Уязвимость компонента GNTTABOP_map_grant гипервизора Xen, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость компонента GNTTABOP_map_grant гипервизора Xen связаны с ошибками возвращаемых значений. Эксплуатация уязвимости может позволить нарушителю вызвать отказ в обслуживании

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Vendor

Novell Inc., Fedora Project, Сообщество свободного программного обеспечения, The Linux Foundation

Software Name

OpenSUSE Leap, Fedora, Debian GNU/Linux, Xen

Software Version

15.1 (OpenSUSE Leap), 30 (Fedora), 10 (Debian GNU/Linux), 31 (Fedora), 32 (Fedora), 4.13.0 rc1 (Xen), 4.13.0 rc2 (Xen), до 4.13.0 включительно (Xen)

Possible Mitigations

Использование рекомендаций: Для Xen: http://xenbits.xen.org/xsa/advisory-316.html Для Fedora: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/ Для Debian GNU/Linux: https://www.debian.org/security/2020/dsa-4723 Для программных продуктов Novell Inc.: https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UOGIHSVHR5GUF43UV76QYSDRKANB2S5G/

Reference

http://xenbits.xen.org/xsa/advisory-316.html https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/ https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/ https://www.debian.org/security/2020/dsa-4723 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UOGIHSVHR5GUF43UV76QYSDRKANB2S5G/

CWE

CWE-775

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:S/C:N/I:N/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Novell Inc., Fedora Project, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, The Linux Foundation",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "15.1 (OpenSUSE Leap), 30 (Fedora), 10 (Debian GNU/Linux), 31 (Fedora), 32 (Fedora), 4.13.0 rc1 (Xen), 4.13.0 rc2 (Xen), \u0434\u043e 4.13.0 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Xen)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Xen:\nhttp://xenbits.xen.org/xsa/advisory-316.html\n\n\u0414\u043b\u044f Fedora:\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/\n\n\u0414\u043b\u044f Debian GNU/Linux:\nhttps://www.debian.org/security/2020/dsa-4723\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Novell Inc.:\nhttps://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UOGIHSVHR5GUF43UV76QYSDRKANB2S5G/",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "14.04.2020",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "13.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "26.05.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-02709",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-11743",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "OpenSUSE Leap, Fedora, Debian GNU/Linux, Xen",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Novell Inc. OpenSUSE Leap 15.1 , Fedora Project Fedora 30 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , Fedora Project Fedora 31 , Fedora Project Fedora 32 ",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 GNTTABOP_map_grant \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u0430 Xen, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043e\u0441\u0432\u043e\u0431\u043e\u0436\u0434\u0435\u043d\u0438\u0435 \u0434\u0435\u0441\u043a\u0440\u0438\u043f\u0442\u043e\u0440\u0430 \u0438\u043b\u0438 \u0438\u043d\u0434\u0435\u043a\u0441\u0430 \u0444\u0430\u0439\u043b\u0430 \u043f\u043e\u0441\u043b\u0435 \u0438\u0441\u0442\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u0435\u0439\u0441\u0442\u0432\u0438\u0442\u0435\u043b\u044c\u043d\u043e\u0433\u043e \u0441\u0440\u043e\u043a\u0430 \u0435\u0433\u043e \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f (CWE-775)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u043c\u043f\u043e\u043d\u0435\u043d\u0442\u0430 GNTTABOP_map_grant \u0433\u0438\u043f\u0435\u0440\u0432\u0438\u0437\u043e\u0440\u0430 Xen \u0441\u0432\u044f\u0437\u0430\u043d\u044b \u0441 \u043e\u0448\u0438\u0431\u043a\u0430\u043c\u0438 \u0432\u043e\u0437\u0432\u0440\u0430\u0449\u0430\u0435\u043c\u044b\u0445 \u0437\u043d\u0430\u0447\u0435\u043d\u0438\u0439. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0418\u0441\u0447\u0435\u0440\u043f\u0430\u043d\u0438\u0435 \u0440\u0435\u0441\u0443\u0440\u0441\u043e\u0432",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://xenbits.xen.org/xsa/advisory-316.html\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/\nhttps://www.debian.org/security/2020/dsa-4723\nhttps://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/message/UOGIHSVHR5GUF43UV76QYSDRKANB2S5G/",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-775",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,6)\n\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 5,5)"
}

CNVD-2020-25872

Vulnerability from cnvd - Published: 2020-04-30

Title

Xen拒绝服务漏洞（CNVD-2020-25872）

Description

Xen是英国剑桥大学的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上，并支持在运行时进行迁移，保证正常运行并且避免宕机。 Xen 4.13.x及之前版本中存在安全漏洞。攻击者可利用该漏洞造成拒绝服务。

Severity

中

Patch Name

Xen拒绝服务漏洞（CNVD-2020-25872）的补丁

Patch Description

Xen是英国剑桥大学的一款开源的虚拟机监视器产品。该产品能够使不同和不兼容的操作系统运行在同一台计算机上，并支持在运行时进行迁移，保证正常运行并且避免宕机。 Xen 4.13.x及之前版本中存在安全漏洞。攻击者可利用该漏洞造成拒绝服务。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://xenbits.xen.org/xsa/advisory-316.html

Impacted products

Name
Xen Xen <=4.13.x

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-11743"
    }
  },
  "description": "Xen\u662f\u82f1\u56fd\u5251\u6865\u5927\u5b66\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u80fd\u591f\u4f7f\u4e0d\u540c\u548c\u4e0d\u517c\u5bb9\u7684\u64cd\u4f5c\u7cfb\u7edf\u8fd0\u884c\u5728\u540c\u4e00\u53f0\u8ba1\u7b97\u673a\u4e0a\uff0c\u5e76\u652f\u6301\u5728\u8fd0\u884c\u65f6\u8fdb\u884c\u8fc1\u79fb\uff0c\u4fdd\u8bc1\u6b63\u5e38\u8fd0\u884c\u5e76\u4e14\u907f\u514d\u5b95\u673a\u3002\n\nXen 4.13.x\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://xenbits.xen.org/xsa/advisory-316.html",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2020-25872",
  "openTime": "2020-04-30",
  "patchDescription": "Xen\u662f\u82f1\u56fd\u5251\u6865\u5927\u5b66\u7684\u4e00\u6b3e\u5f00\u6e90\u7684\u865a\u62df\u673a\u76d1\u89c6\u5668\u4ea7\u54c1\u3002\u8be5\u4ea7\u54c1\u80fd\u591f\u4f7f\u4e0d\u540c\u548c\u4e0d\u517c\u5bb9\u7684\u64cd\u4f5c\u7cfb\u7edf\u8fd0\u884c\u5728\u540c\u4e00\u53f0\u8ba1\u7b97\u673a\u4e0a\uff0c\u5e76\u652f\u6301\u5728\u8fd0\u884c\u65f6\u8fdb\u884c\u8fc1\u79fb\uff0c\u4fdd\u8bc1\u6b63\u5e38\u8fd0\u884c\u5e76\u4e14\u907f\u514d\u5b95\u673a\u3002\r\n\r\nXen 4.13.x\u53ca\u4e4b\u524d\u7248\u672c\u4e2d\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Xen\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2020-25872\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Xen Xen \u003c=4.13.x"
  },
  "serverity": "\u4e2d",
  "submitTime": "2020-04-15",
  "title": "Xen\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff08CNVD-2020-25872\uff09"
}

FKIE_CVE-2020-11743

Vulnerability from fkie_nvd - Published: 2020-04-14 13:15 - Updated: 2024-11-21 04:58

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html
cve@mitre.org	http://www.openwall.com/lists/oss-security/2020/04/14/3	Patch, Third Party Advisory
cve@mitre.org	http://xenbits.xen.org/xsa/advisory-316.html	Exploit, Vendor Advisory
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/
cve@mitre.org	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/
cve@mitre.org	https://security.gentoo.org/glsa/202005-08
cve@mitre.org	https://www.debian.org/security/2020/dsa-4723
cve@mitre.org	https://xenbits.xen.org/xsa/advisory-316.html	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2020/04/14/3	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://xenbits.xen.org/xsa/advisory-316.html	Exploit, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/
af854a3a-2127-422b-91ae-364da2661108	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/202005-08
af854a3a-2127-422b-91ae-364da2661108	https://www.debian.org/security/2020/dsa-4723
af854a3a-2127-422b-91ae-364da2661108	https://xenbits.xen.org/xsa/advisory-316.html	Exploit, Vendor Advisory

Impacted products

Vendor	Product	Version
xen	xen	*
xen	xen	4.13.0
xen	xen	4.13.0
fedoraproject	fedora	32

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BD625DD-3C5E-4849-88A6-464AA7AC6F88",
              "versionEndIncluding": "4.13.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "5BEB8A75-3CF5-4DA3-9159-16675A47D842",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "DAC2A87A-73F2-4D40-8EDB-8373B938FC11",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
              "matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en Xen versiones hasta 4.13.x, permitiendo a usuarios invitados del Sistema Operativo causar una denegaci\u00f3n de servicio debido a una ruta de error incorrecta en GNTTABOP_map_grant. Es esperado que las operaciones de la tabla de concesiones devuelvan 0 para el \u00e9xito y un n\u00famero negativo para los errores. Algunos corchetes mal colocados causan que una ruta de error devuelva 1 en lugar de un valor negativo. El c\u00f3digo de la tabla de concesi\u00f3n en Linux trata esta condici\u00f3n como exitosa y contin\u00faa incorrectamente con un estado inicializado. Un invitado con errores o malicioso puede construir su tabla de concesi\u00f3n de tal manera que, cuando un dominio del backend intente asignar una concesi\u00f3n, llegue a la ruta de error incorrecta. Esto bloquear\u00e1 un dom0 o un dominio del backend basado en Linux."
    }
  ],
  "id": "CVE-2020-11743",
  "lastModified": "2024-11-21T04:58:31.960",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 2.1,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-04-14T13:15:12.970",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/04/14/3"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-316.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/202005-08"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.debian.org/security/2020/dsa-4723"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://xenbits.xen.org/xsa/advisory-316.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2020/04/14/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "http://xenbits.xen.org/xsa/advisory-316.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/202005-08"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.debian.org/security/2020/dsa-4723"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Vendor Advisory"
      ],
      "url": "https://xenbits.xen.org/xsa/advisory-316.html"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-755"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-FF8P-26V5-2CW5

Vulnerability from github – Published: 2022-05-24 17:14 – Updated: 2022-05-24 17:14

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2020-11743"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2020-04-14T13:15:00Z",
    "severity": "LOW"
  },
  "details": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.",
  "id": "GHSA-ff8p-26v5-2cw5",
  "modified": "2022-05-24T17:14:11Z",
  "published": "2022-05-24T17:14:11Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-11743"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/202005-08"
    },
    {
      "type": "WEB",
      "url": "https://www.debian.org/security/2020/dsa-4723"
    },
    {
      "type": "WEB",
      "url": "https://xenbits.xen.org/xsa/advisory-316.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2020/04/14/3"
    },
    {
      "type": "WEB",
      "url": "http://xenbits.xen.org/xsa/advisory-316.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2020-11743

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2020-11743

Aliases

CVE-2020-11743

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2020-11743",
    "description": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.",
    "id": "GSD-2020-11743",
    "references": [
      "https://www.suse.com/security/cve/CVE-2020-11743.html",
      "https://www.debian.org/security/2020/dsa-4723",
      "https://ubuntu.com/security/CVE-2020-11743"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2020-11743"
      ],
      "details": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.",
      "id": "GSD-2020-11743",
      "modified": "2023-12-13T01:22:05.358588Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2020-11743",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://xenbits.xen.org/xsa/advisory-316.html",
            "refsource": "MISC",
            "url": "https://xenbits.xen.org/xsa/advisory-316.html"
          },
          {
            "name": "http://xenbits.xen.org/xsa/advisory-316.html",
            "refsource": "CONFIRM",
            "url": "http://xenbits.xen.org/xsa/advisory-316.html"
          },
          {
            "name": "[oss-security] 20200414 Xen Security Advisory 316 v3 (CVE-2020-11743) - Bad error path in GNTTABOP_map_grant",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2020/04/14/3"
          },
          {
            "name": "FEDORA-2020-440457afe4",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
          },
          {
            "name": "FEDORA-2020-295ed0b1e0",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
          },
          {
            "name": "openSUSE-SU-2020:0599",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
          },
          {
            "name": "FEDORA-2020-cbc3149753",
            "refsource": "FEDORA",
            "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
          },
          {
            "name": "GLSA-202005-08",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/202005-08"
          },
          {
            "name": "DSA-4723",
            "refsource": "DEBIAN",
            "url": "https://www.debian.org/security/2020/dsa-4723"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:xen:xen:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.13.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:xen:xen:4.13.0:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:xen:xen:4.13.0:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-11743"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-755"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://xenbits.xen.org/xsa/advisory-316.html",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "https://xenbits.xen.org/xsa/advisory-316.html"
            },
            {
              "name": "http://xenbits.xen.org/xsa/advisory-316.html",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Vendor Advisory"
              ],
              "url": "http://xenbits.xen.org/xsa/advisory-316.html"
            },
            {
              "name": "[oss-security] 20200414 Xen Security Advisory 316 v3 (CVE-2020-11743) - Bad error path in GNTTABOP_map_grant",
              "refsource": "MLIST",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "http://www.openwall.com/lists/oss-security/2020/04/14/3"
            },
            {
              "name": "FEDORA-2020-440457afe4",
              "refsource": "FEDORA",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YMAW7D2MP6RE4BFI5BZWOBBWGY3VSOFN/"
            },
            {
              "name": "FEDORA-2020-295ed0b1e0",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5M2XRNCHOGGTJQBZQJ7DCV6ZNAKN3LE2/"
            },
            {
              "name": "openSUSE-SU-2020:0599",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2020-05/msg00006.html"
            },
            {
              "name": "FEDORA-2020-cbc3149753",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NVTP4OYHCTRU3ONFJOFJQVNDFB25KLLG/"
            },
            {
              "name": "GLSA-202005-08",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/202005-08"
            },
            {
              "name": "DSA-4723",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "https://www.debian.org/security/2020/dsa-4723"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 2.1,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2020-07-13T16:15Z",
      "publishedDate": "2020-04-14T13:15Z"
    }
  }
}

OPENSUSE-SU-2020:0599-1

Vulnerability from csaf_opensuse - Published: 2020-05-01 18:28 - Updated: 2020-05-01 18:28

Summary

Security update for xen

Severity

Important

Notes

Title of the patch: Security update for xen

Description of the patch: This update for xen fixes the following issues: Security issues fixed: - CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392). - CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140). - CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142). - CVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143). - arm: a CPU may speculate past the ERET instruction (bsc#1160932). Non-security issues fixed: - Xenstored Crashed during VM install (bsc#1167152) - DomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206, bsc#1134506) - Update API compatibility versions, fixes issues for libvirt. (bsc#1167007, bsc#1157490) - aacraid blocks xen commands (bsc#1155200) This update was imported from the SUSE:SLE-15-SP1:Update update project.

Patchnames: openSUSE-2020-599

CVE-2020-11739

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-11740

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-11741

8.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix

Threats

Impact important

CVE-2020-11742

4.3 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2020-11743

5.5 (Medium)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64	—	Vendor Fix

Threats

Impact moderate

References

34 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1027519	self
https://bugzilla.suse.com/1134506	self
https://bugzilla.suse.com/1155200	self
https://bugzilla.suse.com/1157490	self
https://bugzilla.suse.com/1160932	self
https://bugzilla.suse.com/1165206	self
https://bugzilla.suse.com/1167007	self
https://bugzilla.suse.com/1167152	self
https://bugzilla.suse.com/1168140	self
https://bugzilla.suse.com/1168142	self
https://bugzilla.suse.com/1168143	self
https://bugzilla.suse.com/1169392	self
https://www.suse.com/security/cve/CVE-2020-11739/	self
https://www.suse.com/security/cve/CVE-2020-11740/	self
https://www.suse.com/security/cve/CVE-2020-11741/	self
https://www.suse.com/security/cve/CVE-2020-11742/	self
https://www.suse.com/security/cve/CVE-2020-11743/	self
https://www.suse.com/security/cve/CVE-2020-11739	external
https://bugzilla.suse.com/1168142	external
https://www.suse.com/security/cve/CVE-2020-11740	external
https://bugzilla.suse.com/1168140	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2020-11741	external
https://bugzilla.suse.com/1168140	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2020-11742	external
https://bugzilla.suse.com/1169392	external
https://bugzilla.suse.com/1178658	external
https://www.suse.com/security/cve/CVE-2020-11743	external
https://bugzilla.suse.com/1168143	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for xen",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for xen fixes the following issues:\n\nSecurity issues fixed:\n\n- CVE-2020-11742: Bad continuation handling in GNTTABOP_copy (bsc#1169392).\n- CVE-2020-11740, CVE-2020-11741: xen: XSA-313 multiple xenoprof issues (bsc#1168140).\n- CVE-2020-11739: Missing memory barriers in read-write unlock paths (bsc#1168142).\n- CVE-2020-11743: Bad error path in GNTTABOP_map_grant (bsc#1168143).\n- arm: a CPU may speculate past the ERET instruction (bsc#1160932).\n\nNon-security issues fixed:\n\n- Xenstored Crashed during VM install (bsc#1167152)\n- DomU hang: soft lockup CPU #0 stuck under high load (bsc#1165206, bsc#1134506)\n- Update API compatibility versions, fixes issues for libvirt. (bsc#1167007, bsc#1157490)\n- aacraid blocks xen commands (bsc#1155200)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2020-599",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2020_0599-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2020:0599-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UOGIHSVHR5GUF43UV76QYSDRKANB2S5G/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2020:0599-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/UOGIHSVHR5GUF43UV76QYSDRKANB2S5G/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1027519",
        "url": "https://bugzilla.suse.com/1027519"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1134506",
        "url": "https://bugzilla.suse.com/1134506"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1155200",
        "url": "https://bugzilla.suse.com/1155200"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1157490",
        "url": "https://bugzilla.suse.com/1157490"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1160932",
        "url": "https://bugzilla.suse.com/1160932"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1165206",
        "url": "https://bugzilla.suse.com/1165206"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1167007",
        "url": "https://bugzilla.suse.com/1167007"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1167152",
        "url": "https://bugzilla.suse.com/1167152"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1168140",
        "url": "https://bugzilla.suse.com/1168140"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1168142",
        "url": "https://bugzilla.suse.com/1168142"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1168143",
        "url": "https://bugzilla.suse.com/1168143"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1169392",
        "url": "https://bugzilla.suse.com/1169392"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-11739 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-11739/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-11740 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-11740/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-11741 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-11741/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-11742 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-11742/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2020-11743 page",
        "url": "https://www.suse.com/security/cve/CVE-2020-11743/"
      }
    ],
    "title": "Security update for xen",
    "tracking": {
      "current_release_date": "2020-05-01T18:28:33Z",
      "generator": {
        "date": "2020-05-01T18:28:33Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2020:0599-1",
      "initial_release_date": "2020-05-01T18:28:33Z",
      "revision_history": [
        {
          "date": "2020-05-01T18:28:33Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-devel-4.12.2_04-lp151.2.15.1.i586",
                "product": {
                  "name": "xen-devel-4.12.2_04-lp151.2.15.1.i586",
                  "product_id": "xen-devel-4.12.2_04-lp151.2.15.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-4.12.2_04-lp151.2.15.1.i586",
                "product": {
                  "name": "xen-libs-4.12.2_04-lp151.2.15.1.i586",
                  "product_id": "xen-libs-4.12.2_04-lp151.2.15.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
                "product": {
                  "name": "xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
                  "product_id": "xen-tools-domU-4.12.2_04-lp151.2.15.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "xen-4.12.2_04-lp151.2.15.1.x86_64",
                "product": {
                  "name": "xen-4.12.2_04-lp151.2.15.1.x86_64",
                  "product_id": "xen-4.12.2_04-lp151.2.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
                "product": {
                  "name": "xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
                  "product_id": "xen-devel-4.12.2_04-lp151.2.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
                "product": {
                  "name": "xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
                  "product_id": "xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
                "product": {
                  "name": "xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
                  "product_id": "xen-libs-4.12.2_04-lp151.2.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
                "product": {
                  "name": "xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
                  "product_id": "xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
                "product": {
                  "name": "xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
                  "product_id": "xen-tools-4.12.2_04-lp151.2.15.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64",
                "product": {
                  "name": "xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64",
                  "product_id": "xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.1",
                "product": {
                  "name": "openSUSE Leap 15.1",
                  "product_id": "openSUSE Leap 15.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.1"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-4.12.2_04-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64"
        },
        "product_reference": "xen-4.12.2_04-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-4.12.2_04-lp151.2.15.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586"
        },
        "product_reference": "xen-devel-4.12.2_04-lp151.2.15.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-devel-4.12.2_04-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64"
        },
        "product_reference": "xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64"
        },
        "product_reference": "xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.12.2_04-lp151.2.15.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586"
        },
        "product_reference": "xen-libs-4.12.2_04-lp151.2.15.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-4.12.2_04-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64"
        },
        "product_reference": "xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64"
        },
        "product_reference": "xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-4.12.2_04-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64"
        },
        "product_reference": "xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.12.2_04-lp151.2.15.1.i586 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586"
        },
        "product_reference": "xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64 as component of openSUSE Leap 15.1",
          "product_id": "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
        },
        "product_reference": "xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-11739",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-11739"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service or possibly gain privileges because of missing memory barriers in read-write unlock paths. The read-write unlock paths don\u0027t contain a memory barrier. On Arm, this means a processor is allowed to re-order the memory access with the preceding ones. In other words, the unlock may be seen by another processor before all the memory accesses within the \"critical\" section. As a consequence, it may be possible to have a writer executing a critical section at the same time as readers or another writer. In other words, many of the assumptions (e.g., a variable cannot be modified after a check) in the critical sections are not safe anymore. The read-write locks are used in hypercalls (such as grant-table ones), so a malicious guest could exploit the race. For instance, there is a small window where Xen can leak memory if XENMAPSPACE_grant_table is used concurrently. A malicious guest may be able to leak memory, or cause a hypervisor crash resulting in a Denial of Service (DoS). Information leak and privilege escalation cannot be excluded.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
          "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
          "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
          "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-11739",
          "url": "https://www.suse.com/security/cve/CVE-2020-11739"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1168142 for CVE-2020-11739",
          "url": "https://bugzilla.suse.com/1168142"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-01T18:28:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-11739"
    },
    {
      "cve": "CVE-2020-11740",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-11740"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
          "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
          "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
          "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-11740",
          "url": "https://www.suse.com/security/cve/CVE-2020-11740"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1168140 for CVE-2020-11740",
          "url": "https://bugzilla.suse.com/1168140"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2020-11740",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-01T18:28:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-11740"
    },
    {
      "cve": "CVE-2020-11741",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-11741"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which \"active\" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
          "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
          "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
          "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-11741",
          "url": "https://www.suse.com/security/cve/CVE-2020-11741"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1168140 for CVE-2020-11741",
          "url": "https://bugzilla.suse.com/1168140"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2020-11741",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-01T18:28:33Z",
          "details": "important"
        }
      ],
      "title": "CVE-2020-11741"
    },
    {
      "cve": "CVE-2020-11742",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-11742"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of bad continuation handling in GNTTABOP_copy. Grant table operations are expected to return 0 for success, and a negative number for errors. The fix for CVE-2017-12135 introduced a path through grant copy handling where success may be returned to the caller without any action taken. In particular, the status fields of individual operations are left uninitialised, and may result in errant behaviour in the caller of GNTTABOP_copy. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to copy a grant, it hits the incorrect exit path. This returns success to the caller without doing anything, which may cause crashes or other incorrect behaviour.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
          "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
          "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
          "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-11742",
          "url": "https://www.suse.com/security/cve/CVE-2020-11742"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1169392 for CVE-2020-11742",
          "url": "https://bugzilla.suse.com/1169392"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1178658 for CVE-2020-11742",
          "url": "https://bugzilla.suse.com/1178658"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 4.3,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-01T18:28:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-11742"
    },
    {
      "cve": "CVE-2020-11743",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2020-11743"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "An issue was discovered in Xen through 4.13.x, allowing guest OS users to cause a denial of service because of a bad error path in GNTTABOP_map_grant. Grant table operations are expected to return 0 for success, and a negative number for errors. Some misplaced brackets cause one error path to return 1 instead of a negative value. The grant table code in Linux treats this condition as success, and proceeds with incorrectly initialised state. A buggy or malicious guest can construct its grant table in such a way that, when a backend domain tries to map a grant, it hits the incorrect error path. This will crash a Linux based dom0 or backend domain.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
          "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
          "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
          "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
          "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2020-11743",
          "url": "https://www.suse.com/security/cve/CVE-2020-11743"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1168143 for CVE-2020-11743",
          "url": "https://bugzilla.suse.com/1168143"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.1:xen-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-devel-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-doc-html-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-32bit-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-libs-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-4.12.2_04-lp151.2.15.1.x86_64",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.i586",
            "openSUSE Leap 15.1:xen-tools-domU-4.12.2_04-lp151.2.15.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2020-05-01T18:28:33Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2020-11743"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.

Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2020-11743 (GCVE-0-2020-11743)

Solution

Solution

Solution

Solution

Tags

Sightings

Nomenclature