While memory pages recovered from dying guests are being cleaned to avoid
leaking sensitive information to other guests, memory pages that were in
use by the hypervisor and are eligible to be allocated to guests weren't
being properly cleaned. Such exposure of information would happen through
memory pages freshly allocated to or by the guest.
A malicious guest might be able to read data relating to other guests
or the hypervisor itself.
Red Hat would like to thank the Xen project for reporting this issue. Upstream acknowledges Jan Beulich as the original reporter.
Now public via --
Created xen tracking bugs for this issue:
Affects: fedora-all [bug 1110316]
xen-4.2.4-6.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.
xen-4.3.2-6.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
This issue has been addressed in following products:
Red Hat Enterprise Linux 5
Via RHSA-2014:0926 https://rhn.redhat.com/errata/RHSA-2014-0926.html
It was found that the Xen hypervisor implementation did not properly clean memory pages previously allocated by the hypervisor. A privileged guest user could potentially use this flaw to read data relating to other guests or the hypervisor itself.