The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume.
References
Configurations
History
13 Feb 2023, 00:40
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume. |
02 Feb 2023, 16:15
Type | Values Removed | Values Added |
---|---|---|
Summary | It was found that the oVirt storage back end did not wipe memory snapshots when VMs were deleted, even if wipe-after-delete (WAD) was enabled for the VM's disks. A remote attacker with credentials to create a new VM could use this flaw to potentially access the contents of memory snapshots in an uninitialized storage volume, possibly leading to the disclosure of sensitive information. | |
References |
|
Information
Published : 2014-08-06 19:55
Updated : 2023-12-10 11:31
NVD link : CVE-2014-3559
Mitre link : CVE-2014-3559
CVE.ORG link : CVE-2014-3559
JSON object : View
Products Affected
redhat
- enterprise_virtualization
CWE
CWE-264
Permissions, Privileges, and Access Controls