An issue exists in xenoprof in Xen up to and including 4.13.x, allowing guest OS users (without active profiling) to obtain sensitive information about other guests. Unprivileged guests can request to map xenoprof buffers, even if profiling has not been enabled for those guests. These buffers were not scrubbed.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
xen xen 4.13.0 |
||
xen xen |
||
debian debian linux 10.0 |
||
fedoraproject fedora 30 |
||
fedoraproject fedora 31 |
||
fedoraproject fedora 32 |
||
opensuse leap 15.1 |