Xen is vulnerable to sensitive information disclosure. The Linux block table does not zero memory regions before sharing them with the backend, which leads to information disclosure. Additionally, the grant table only shares 4k pages, so unrelated data from different backends can reside in the same page.
www.openwall.com/lists/oss-security/2022/07/05/6
xenbits.xen.org/xsa/advisory-403.html
github.com/xen-project/xen/commit/54d8f27d0477937e1f99a414fc1ffd93d184b38a
lists.debian.org/debian-lts-announce/2022/10/msg00000.html
lists.fedoraproject.org/archives/list/[email protected]/message/IGFTRZ66KQYTSYIRT5FRHF5D6O72NWOP/
lists.fedoraproject.org/archives/list/[email protected]/message/RKRXZ4LHGCGMOG24ZCEJNY6R2BTS4S2Q/
secdb.alpinelinux.org/edge/main.yaml
secdb.alpinelinux.org/v3.13/main.yaml
secdb.alpinelinux.org/v3.14/main.yaml
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
www.debian.org/security/2022/dsa-5191
xenbits.xenproject.org/xsa/advisory-403.txt