Detections
Analytics

CVE-2014-4021

critical

Description

Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.

References

http://xenbits.xen.org/xsa/advisory-100.html

http://www.securitytracker.com/id/1030442

http://www.securityfocus.com/bid/68070

http://www.debian.org/security/2014/dsa-3006

http://support.citrix.com/article/CTX140984

http://security.gentoo.org/glsa/glsa-201407-03.xml

http://secunia.com/advisories/60471

http://secunia.com/advisories/60130

http://secunia.com/advisories/60027

http://secunia.com/advisories/59208

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html

http://linux.oracle.com/errata/ELSA-2014-0926.html

http://linux.oracle.com/errata/ELSA-2014-0926-1.html

Details

Source: Mitre, NVD

Published: 2014-06-18

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 2.7

Vector: CVSS2#AV:A/AC:L/Au:S/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.00234