PT-2014-5679 · Citrix · Xen

Julien Grall · Published 2014-07-09 · Updated 2018-10-30 · CVE-2014-4022

CVSS v2.0: 2.7 (Low)
Vector: AV:A/AC:L/Au:S/C:P/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Xen versions 4.4.x

Description: The issue arises from the alloc_domain_struct() function in arch/arm/domain.c, which fails to properly initialize the structure containing the grant table pages for a domain when running on an ARM platform. Because the structure is handed to the new domain without being cleared, a local guest administrator can obtain sensitive information (leftover contents of uninitialised hypervisor memory) via the GNTTABOP_setup_table subhypercall, which returns values read from that structure.

Recommendations: For Xen version 4.4.x, consider restricting access to the GNTTABOP_setup_table subhypercall until a proper fix is applied. As a temporary workaround, review and limit the privileges of local guest administrators to minimize the risk of exploitation.
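The description above comes down to a memory-initialisation defect: a structure is allocated for a new domain, one of its fields is later copied back to the guest by a hypercall, and nothing zeroes that field in between. The C program below is an added illustration written for this page, not Xen source code: the heap, struct domain, struct grant_table and gnttab_setup_table are hypothetical stand-ins that only mirror the shape of the problem. It primes a simulated hypervisor heap with a recognisable byte pattern (standing in for stale sensitive data), allocates the domain structure once without clearing it and once with a memset to zero, and shows what a setup_table-style handler would hand back to the guest in each case.

```c
/* Added illustration for CVE-2014-4022, not Xen source code.
 * All names below (heap, struct domain, struct grant_table,
 * gnttab_setup_table) are hypothetical stand-ins for the Xen ones. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define GNTTAB_MAX_FRAMES 4
#define HEAP_SIZE 4096

/* Per-domain grant table bookkeeping: the frame list is what the
 * setup_table path copies back to the guest. */
struct grant_table {
    unsigned int nr_frames;
    uint64_t frame_mfn[GNTTAB_MAX_FRAMES];
};

struct domain {
    unsigned int domain_id;
    struct grant_table gnttab;
};

/* Constructed "hypervisor heap": a bump allocator over a static arena, so
 * whatever a previous tenant left behind is deterministically still there. */
static union {
    uint64_t align;               /* force 8-byte alignment of the arena */
    unsigned char bytes[HEAP_SIZE];
} heap;
static size_t heap_top;

static void *heap_alloc(size_t n) {
    n = (n + 7) & ~(size_t)7;     /* keep every allocation 8-byte aligned */
    if (heap_top + n > HEAP_SIZE)
        return NULL;
    void *p = &heap.bytes[heap_top];
    heap_top += n;
    return p;
}

/* Stand-in for an earlier user of the same memory: fill the arena with a
 * recognisable pattern (playing the role of sensitive leftover data), then
 * "free" everything so the next allocation reuses it. */
static void heap_prime_with_stale_data(void) {
    memset(heap.bytes, 0xA5, HEAP_SIZE);
    heap_top = 0;
}

/* Vulnerable pattern: the structure comes straight from the allocator and
 * only the fields the code happens to touch get defined values. */
struct domain *alloc_domain_struct_unsafe(unsigned int id) {
    struct domain *d = heap_alloc(sizeof *d);
    if (d == NULL)
        return NULL;
    d->domain_id = id;            /* d->gnttab keeps the allocator's leftovers */
    return d;
}

/* Hardened pattern: clear the whole structure before any field is used,
 * so every guest-visible value starts from a known state. */
struct domain *alloc_domain_struct_safe(unsigned int id) {
    struct domain *d = heap_alloc(sizeof *d);
    if (d == NULL)
        return NULL;
    memset(d, 0, sizeof *d);
    d->domain_id = id;
    return d;
}

/* Hypothetical setup_table handler: bounds-checks the request and copies
 * the frame list to the guest. The bounds check is correct; the leak comes
 * from the values in the list never having been initialised. */
int gnttab_setup_table(const struct domain *d, unsigned int nr_frames,
                       uint64_t *out) {
    if (nr_frames > GNTTAB_MAX_FRAMES)
        return -1;
    for (unsigned int i = 0; i < nr_frames; i++)
        out[i] = d->gnttab.frame_mfn[i];
    return 0;
}

/* Run one allocation path over a freshly primed heap and return the first
 * frame value the guest would receive: the stale pattern for the unsafe
 * path, zero for the hardened one. */
uint64_t first_frame_reported(bool hardened) {
    uint64_t out[GNTTAB_MAX_FRAMES] = {0};
    heap_prime_with_stale_data();
    struct domain *d = hardened ? alloc_domain_struct_safe(1)
                                : alloc_domain_struct_unsafe(1);
    if (d == NULL || gnttab_setup_table(d, GNTTAB_MAX_FRAMES, out) != 0)
        return 0;
    return out[0];
}

int main(void) {
    printf("unsafe  : frame[0] = 0x%016llx\n",
           (unsigned long long)first_frame_reported(false));
    printf("hardened: frame[0] = 0x%016llx\n",
           (unsigned long long)first_frame_reported(true));
    return 0;
}
```

The point of the split into two allocators is that the hypercall handler itself is not where the defect lives: its bounds check is sound, and the same handler returns a harmless zero once the allocation path clears the structure. In review, this is the pattern to look for whenever a structure is allocated from a reused pool and any of its fields can reach an unprivileged caller.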

Fix

Information Disclosure


Weakness Enumeration

Related identifiers

CVE-2014-4022

Affected products

Xen