Launchpad.net

CVE 2014-4021

Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.

Related bugs and status

CVE-2014-4021 (Candidate) is related to these bugs:

Bug #1390352: [MRE] Rebase Xen-4.4 to upstream stable 4.4.1

		In	Importance	Status
1390352	[MRE] Rebase Xen-4.4 to upstream stable 4.4.1	xen (Ubuntu)	Undecided	Fix Released
1390352	[MRE] Rebase Xen-4.4 to upstream stable 4.4.1	xen (Ubuntu Utopic)	Medium	Fix Released
1390352	[MRE] Rebase Xen-4.4 to upstream stable 4.4.1	xen (Ubuntu Trusty)	Medium	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://xenbits.xen.org...
BID: 68070
SECTRACK: 1030442
SECUNIA: 59208
CONFIRM: http://support.citrix....
SECUNIA: 60027
SUSE: openSUSE-SU-2014:1279
SUSE: openSUSE-SU-2014:1281
DEBIAN: DSA-3006
CONFIRM: http://linux.oracle.co...
CONFIRM: http://linux.oracle.co...
FEDORA: FEDORA-2014-7722
FEDORA: FEDORA-2014-7734
GENTOO: GLSA-201407-03
SECUNIA: 60130
SECUNIA: 60471