CVE-2014-4021

  1. Yack CVE
  2. Vulnerabilities (CVE)
  3. CVE-2014-4021

2.7 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:A/AC:L/Au:S/C:P/I:N/A:N

Exploitability : 5.1 / Impact : 2.9

Access Vector ADJACENT_NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

X

en 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.

References
Link Resource
http://linux.oracle.com/errata/ELSA-2014-0926-1.html
http://linux.oracle.com/errata/ELSA-2014-0926.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
http://secunia.com/advisories/59208
http://secunia.com/advisories/60027
http://secunia.com/advisories/60130
http://secunia.com/advisories/60471
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://support.citrix.com/article/CTX140984
http://www.debian.org/security/2014/dsa-3006
http://www.securityfocus.com/bid/68070
http://www.securitytracker.com/id/1030442
http://xenbits.xen.org/xsa/advisory-100.html Patch Vendor Advisory
http://linux.oracle.com/errata/ELSA-2014-0926-1.html
http://linux.oracle.com/errata/ELSA-2014-0926.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html
http://secunia.com/advisories/59208
http://secunia.com/advisories/60027
http://secunia.com/advisories/60130
http://secunia.com/advisories/60471
http://security.gentoo.org/glsa/glsa-201407-03.xml
http://support.citrix.com/article/CTX140984
http://www.debian.org/security/2014/dsa-3006
http://www.securityfocus.com/bid/68070
http://www.securitytracker.com/id/1030442
http://xenbits.xen.org/xsa/advisory-100.html Patch Vendor Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:o:xen:xen:3.2.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.2.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.2.2:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:3.2.3:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.0.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.0.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.0.2:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.0.3:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.0.4:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.2:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.3:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.4:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.5:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.1.6.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.2:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.2.3:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.3.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.3.1:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.4.0:*:*:*:*:*:*:*
cpe:2.3:o:xen:xen:4.4.0:rc1:*:*:*:*:*:*
History

21 Nov 2024, 02:09

Type Values Removed Values Added
References () http://linux.oracle.com/errata/ELSA-2014-0926-1.html - () http://linux.oracle.com/errata/ELSA-2014-0926-1.html -
References () http://linux.oracle.com/errata/ELSA-2014-0926.html - () http://linux.oracle.com/errata/ELSA-2014-0926.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html - () http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135068.html -
References () http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html - () http://lists.fedoraproject.org/pipermail/package-announce/2014-July/135071.html -
References () http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html - () http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00002.html -
References () http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html - () http://lists.opensuse.org/opensuse-security-announce/2014-10/msg00003.html -
References () http://secunia.com/advisories/59208 - () http://secunia.com/advisories/59208 -
References () http://secunia.com/advisories/60027 - () http://secunia.com/advisories/60027 -
References () http://secunia.com/advisories/60130 - () http://secunia.com/advisories/60130 -
References () http://secunia.com/advisories/60471 - () http://secunia.com/advisories/60471 -
References () http://security.gentoo.org/glsa/glsa-201407-03.xml - () http://security.gentoo.org/glsa/glsa-201407-03.xml -
References () http://support.citrix.com/article/CTX140984 - () http://support.citrix.com/article/CTX140984 -
References () http://www.debian.org/security/2014/dsa-3006 - () http://www.debian.org/security/2014/dsa-3006 -
References () http://www.securityfocus.com/bid/68070 - () http://www.securityfocus.com/bid/68070 -
References () http://www.securitytracker.com/id/1030442 - () http://www.securitytracker.com/id/1030442 -
References () http://xenbits.xen.org/xsa/advisory-100.html - Patch, Vendor Advisory () http://xenbits.xen.org/xsa/advisory-100.html - Patch, Vendor Advisory
Information

Published : 2014-06-18 19:55

Updated : 2025-04-12 10:46

NVD link : CVE-2014-4021

Mitre link : CVE-2014-4021

CVE.ORG link : CVE-2014-4021

JSON object : View

Products Affected

xen

CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer