885256 – (CVE-2014-4022) VUL-0: CVE-2014-4022: xen: Malicious guest administrators can obtain some of the memory contents of other domains.

Bug 885256 (CVE-2014-4022) - VUL-0: CVE-2014-4022: xen: Malicious guest administrators can obtain some of the memory contents of other domains.

Summary: VUL-0: CVE-2014-4022: xen: Malicious guest administrators can obtain some of ...

Status:	VERIFIED INVALID

Alias:	CVE-2014-4022

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Minor
Target Milestone:	---
Assignee:	Charles Arnold
QA Contact:	Security Team bot

URL:	https://smash.suse.de/issue/103099/
Whiteboard:
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2014-07-01 12:14 UTC by Victor Pereira
Modified:	2014-07-01 13:25 UTC (History)
CC List:	2 users (show)

See Also:
Found By:	Security Response Team
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Victor Pereira 2014-07-01 12:14:34 UTC

CVE-2014-4022


Malicious guest administrators can obtain some of the memory contents
of other domains. When initialising an internal data structure on ARM
platform Xen was not correctly initialising the memory containing the
list of a domain's grant table pages. This list is returned by the
GNTTABOP_setup_table subhypercall, leading to an information leak.


References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4022
http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-4022.html
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4022