{
  "threat_severity" : "Moderate",
  "public_date" : "2014-06-17T00:00:00Z",
  "bugzilla" : {
    "description" : "xen: Hypervisor heap contents leaked to guests (xsa-100)",
    "id" : "1103646",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1103646"
  },
  "cvss" : {
    "cvss_base_score" : "2.3",
    "cvss_scoring_vector" : "AV:A/AC:M/Au:S/C:P/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-244",
  "details" : [ "Xen 3.2.x through 4.4.x does not properly clean memory pages recovered from guests, which allows local guest OS users to obtain sensitive information via unspecified vectors.", "It was found that the Xen hypervisor implementation did not properly clean memory pages previously allocated by the hypervisor. A privileged guest user could potentially use this flaw to read data relating to other guests or the hypervisor itself." ],
  "acknowledgement" : "Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Jan Beulich as the original reporter.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2014-07-23T00:00:00Z",
    "advisory" : "RHSA-2014:0926",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "kernel-0:2.6.18-371.11.1.el5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2014-4021\nhttps://nvd.nist.gov/vuln/detail/CVE-2014-4021" ],
  "name" : "CVE-2014-4021",
  "csaw" : false
}