CVE-2014-4022 Information

Description

The alloc_domain_struct function in arch/arm/domain.c in Xen 4.4.x when running on an ARM platform does not properly initialize the structure containing the grant table pages for a domain which allows local guest administrators to obtain sensitive information via the GNTTABOP_setup_table subhypercall.

Reference

http://secunia.com/advisories/59523 http://www.securityfocus.com/bid/68184 http://www.securitytracker.com/id/1030471 http://xenbits.xen.org/xsa/advisory-101.html