The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2014-08-06T19:00:00
Updated: 2024-08-06T10:50:17.841Z
Reserved: 2014-05-14T00:00:00
Link: CVE-2014-3559
Vulnrichment
No data.
NVD
Status : Modified
Published: 2014-08-06T19:55:03.727
Modified: 2024-11-21T02:08:22.250
Link: CVE-2014-3559
Redhat