CVE-2014-4021

LOW

Description

Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.

References

http://linux.oracle.com/errata/ELSA-2014-0926.html

http://linux.oracle.com/errata/ELSA-2014-0926-1.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html

http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html

http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html

http://secunia.com/advisories/59208

http://secunia.com/advisories/60027

http://secunia.com/advisories/60130

http://secunia.com/advisories/60471

http://security.gentoo.org/glsa/glsa-201407-03.xml

http://support.citrix.com/article/CTX140984

http://www.debian.org/security/2014/dsa-3006

http://www.securityfocus.com/bid/68070

http://www.securitytracker.com/id/1030442

http://xenbits.xen.org/xsa/advisory-100.html

Details

Source: MITRE

Published: 2014-06-18

Updated: 2018-10-30

Type: CWE-119

Risk Information

CVSS v2.0

Base Score: 2.7

Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 5.1

Severity: LOW

Vulnerable Software

Configuration 1

cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*

cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*

Tenable Plugins

View all (16 total)

ID	Name	Product	Family	Severity
83659	SUSE SLES11 Security Update : xen (SUSE-SU-2014:1732-1)	Nessus	SuSE Local Security Checks	high
83654	SUSE SLES11 Security Update : xen (SUSE-SU-2014:1710-1)	Nessus	SuSE Local Security Checks	high
83651	SUSE SLES10 Security Update : Xen (SUSE-SU-2014:1691-1)	Nessus	SuSE Local Security Checks	high
80928	OracleVM 3.3 : xen (OVMSA-2015-0004)	Nessus	OracleVM Local Security Checks	medium
78652	SuSE 11.3 Security Update : Xen (SAT Patch Number 9828)	Nessus	SuSE Local Security Checks	high
78117	openSUSE Security Update : xen (openSUSE-SU-2014:1281-1)	Nessus	SuSE Local Security Checks	high
78116	openSUSE Security Update : xen (openSUSE-SU-2014:1279-1)	Nessus	SuSE Local Security Checks	high
77240	Debian DSA-3006-1 : xen - security update	Nessus	Debian Local Security Checks	high
76856	Oracle Linux 5 : kernel (ELSA-2014-0926)	Nessus	Oracle Linux Local Security Checks	medium
76782	Scientific Linux Security Update : kernel on SL5.x i386/x86_64 (20140723)	Nessus	Scientific Linux Local Security Checks	medium
76779	CentOS 5 : kernel (CESA-2014:0926)	Nessus	CentOS Local Security Checks	medium
76771	Citrix XenServer Multiple Vulnerabilities (CTX140984)	Nessus	Misc.	critical
76751	RHEL 5 : kernel (RHSA-2014:0926)	Nessus	Red Hat Local Security Checks	medium
76544	GLSA-201407-03 : Xen: Multiple Vunlerabilities	Nessus	Gentoo Local Security Checks	high
76371	Fedora 19 : xen-4.2.4-6.fc19 (2014-7734)	Nessus	Fedora Local Security Checks	low
76370	Fedora 20 : xen-4.3.2-6.fc20 (2014-7722)	Nessus	Fedora Local Security Checks	low