CVE-2014-4021 — Improper Restriction of Operations within the Bounds of a Memory Buffer in XEN

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-244 — Heap Inspection7 documents6 sources

Severity

2.7LOWNVD

EPSS

0.2%

top 53.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

XEN Debian XEN

Timeline

PublishedJun 18

Latest updateMay 14

Description

Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.

CVSS vector

AV:A/AC:L/C:P/I:N/A:NExploitability: 5.1 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/xen< xen 4.4.1-1 (bookworm)

▶Debianxen/xen< 4.4.1-1+3

▶NVDxen/xen23 versions+22

Patches

Patch: xenbits.xen.org ↗Patch: xenbits.xen.org ↗

🔴Vulnerability Details

GHSA

GHSA-h82g-hrcm-j7gq: Xen 3↗2022-05-14

▶

OSV

CVE-2014-4021: Xen 3↗2014-06-18

▶

📋Vendor Advisories

Red Hat

xen: Hypervisor heap contents leaked to guests (xsa-100)↗2014-06-17

▶

Debian

CVE-2014-4021: xen - Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from gues...↗2014

▶

💬Community

Bugzilla

CVE-2014-4021 xen: Hypervisor heap contents leaked to guests (xsa-100) [fedora-all]↗2014-06-17

▶

Bugzilla

CVE-2014-4021 xen: Hypervisor heap contents leaked to guests (xsa-100)↗2014-06-02

▶