How severe is CVE-2020-11741?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.8 out of 10.

What type of vulnerability is CVE-2020-11741?

This is classified as CWE-909, which is a common weakness in software security.

CVE-2020-11741 - HIGH Severity | CVSS 8.8

Vulnerability Description

An issue was discovered in xenoprof in Xen through 4.13.x, allowing guest OS users (with active profiling) to obtain sensitive information about other guests, cause a denial of service, or possibly gain privileges. For guests for which "active" profiling was enabled by the administrator, the xenoprof code uses the standard Xen shared ring structure. Unfortunately, this code did not treat the guest as a potential adversary: it trusts the guest not to modify buffer size information or modify head / tail pointers in unexpected ways. This can crash the host (DoS). Privilege escalation cannot be ruled out.

Related Vulnerabilities

CVE-2021-23994

HIGH

CVSS:8.8(High)

A WebGL framebuffer was not initialized early enough, resulting in memory corruption and an out of bound write. This vulnerability affects Firefox ESR < 78.10, Thunderbird < 78.10, and Firefox < 88.

CWE-9092021

CVE-2021-29980

HIGH

CVSS:8.8(High)

Uninitialized memory in a canvas object could have caused an incorrect free() leading to memory corruption and a potentially exploitable crash. This vulnerability affects Thunderbird < 78.13, Thunderb...

CWE-9092021

CVE-2020-12523

CRITICAL

CVSS:9.1(Critical)

On Phoenix Contact mGuard Devices versions before 8.8.3 LAN ports get functional after reboot even if they are disabled in the device configuration. For mGuard devices with integrated switch on the LA...

CWE-9092020

CVE-2022-22704

CRITICAL

CVSS:9.8(Critical)

The zabbix-agent2 package before 5.4.9-r1 for Alpine Linux sometimes allows privilege escalation to root because the design incorrectly expected that systemd would (in effect) determine part of the co...

CWE-9092022

CVE-2005-1036

HIGH

CVSS:7.8(High)

FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO permission bitmap used to allow user access to certain hardware, which allows local users to bypass intended access restrictions to caus...

CWE-9092005

CVE-2022-29968

HIGH

CVSS:7.8(High)

An issue was discovered in the Linux kernel through 5.17.5. io_rw_init_file in fs/io_uring.c lacks initialization of kiocb->private.

CWE-9092022