A flaw was found in xen. When the code processing grant table transfer requests finds a page with an address too large to be represented in the interface with the guest, it allocates a replacement page and copies page contents. The page as well as certain other remnants of an affected guest will be leaked due to being unfreeable upon domain cleanup. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.