CVE-2014-4021
Xen 3.2.x-4.4.x - Information Disclosure via Improper Memory Page Cleaning
Title source: llmDescription
Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.
References (16)
Core 16
Core References
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60471
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60027
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030442
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201407-03.xml
Patch, Vendor Advisory x_refsource_confirm
http://xenbits.xen.org/xsa/advisory-100.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/60130
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2014/dsa-3006
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/68070
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/59208
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html
Various Sources x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-0926.html
Various Sources x_refsource_confirm
http://linux.oracle.com/errata/ELSA-2014-0926-1.html
Vendor Advisory x_refsource_confirm
http://support.citrix.com/article/CTX140984
Scores
EPSS
0.0023
EPSS Percentile
46.1%
Details
CWE
CWE-119
Status
published
Products (23)
xen/xen
3.2.0
xen/xen
3.2.1
xen/xen
3.2.2
xen/xen
3.2.3
xen/xen
4.0.0
xen/xen
4.0.1
xen/xen
4.0.2
xen/xen
4.0.3
xen/xen
4.0.4
xen/xen
4.1.0
... and 13 more
Published
Jun 18, 2014
Tracked Since
Feb 18, 2026