CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:A/AC:L/Au:S/C:P/I:N/A:N
AI Score
Confidence
Low
EPSS
Percentile
28.0%
Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.
Vendor | Product | Version | CPE |
---|---|---|---|
xen | xen | 3.2.0 | cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:* |
xen | xen | 3.2.1 | cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:* |
xen | xen | 3.2.2 | cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:* |
xen | xen | 3.2.3 | cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:* |
xen | xen | 4.0.0 | cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:* |
xen | xen | 4.0.1 | cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:* |
xen | xen | 4.0.2 | cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:* |
xen | xen | 4.0.3 | cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:* |
xen | xen | 4.0.4 | cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:* |
xen | xen | 4.1.0 | cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:* |
linux.oracle.com/errata/ELSA-2014-0926-1.html
linux.oracle.com/errata/ELSA-2014-0926.html
lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html
lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html
lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
secunia.com/advisories/59208
secunia.com/advisories/60027
secunia.com/advisories/60130
secunia.com/advisories/60471
security.gentoo.org/glsa/glsa-201407-03.xml
support.citrix.com/article/CTX140984
www.debian.org/security/2014/dsa-3006
www.securityfocus.com/bid/68070
www.securitytracker.com/id/1030442
xenbits.xen.org/xsa/advisory-100.html