CVE-2014-3559
N/A
N/A
Summary
The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- http://www.securitytracker.com/id/1030664
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95098
- http://rhn.redhat.com/errata/RHSA-2014-1002.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1121925
References
- http://www.securitytracker.com/id/1030664
- https://exchange.xforce.ibmcloud.com/vulnerabilities/95098
- http://rhn.redhat.com/errata/RHSA-2014-1002.html
- https://bugzilla.redhat.com/show_bug.cgi?id=1121925
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.