The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2014-08-06T19:00:00

Updated: 2024-08-06T10:50:17.841Z

Reserved: 2014-05-14T00:00:00

Link: CVE-2014-3559

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2014-08-06T19:55:03.727

Modified: 2024-11-21T02:08:22.250

Link: CVE-2014-3559

cve-icon Redhat

Severity : Moderate

Publid Date: 2014-08-04T00:00:00Z

Links: CVE-2014-3559 - Bugzilla