CVE-2020-11741: 
NixOS vulnerability analysis and mitigation

An issue was discovered in xenoprof in Xen through 4.13.x, affecting the profiling functionality. The vulnerability was identified and disclosed on April 14, 2020, impacting Xen versions back to at least 3.2. The issue specifically affects x86 PV guests, while Arm guests and x86 HVM and PVH guests are not vulnerable (Xen Advisory).

The vulnerability stems from the xenoprof code's handling of shared ring structures. When 'active' profiling is enabled by the administrator, the code fails to treat the guest as a potential adversary, incorrectly trusting the guest not to modify buffer size information or manipulate head/tail pointers in unexpected ways. The vulnerability has been assigned a CVSS v3.1 Base Score of 8.8 HIGH (Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H) (NVD).

A malicious guest may be able to access sensitive information pertaining to other guests. For guests with 'active profiling' enabled, attackers can crash the host (DoS). Additionally, privilege escalation cannot be ruled out. The vulnerability is particularly severe for systems where administrators have explicitly enabled 'active profiling' for untrusted guests (Xen Advisory).

The primary mitigation is to never make untrusted guests 'active', which will prevent all but the information leak aspect of the vulnerability. For the information leak component, there is no known mitigation other than applying the security patches. The issue was resolved through two patches: the first addressing the information leak and the second fixing the 'active profiling' issue (Xen Advisory).

Multiple Linux distributions released security updates to address this vulnerability, including Debian, Ubuntu, Fedora, and OpenSUSE. Debian classified it among multiple vulnerabilities that could result in denial of service, guest-to-host privilege escalation or information leaks (Debian Security).