CVE-2010-2224
First published: Tue Jun 22 2010(Updated: )
It was found that Red Hat Enterprise Virtualization Manager did not correctly pass the postzero parameter for deleted volumes after snapshot merging. This resulted in such volumes not being securely deleted as expected. A guest user in a new, raw virtual machine (VM), created in a data domain that has had VMs deleted from it, could use this flaw to read limited data from those deleted VMs, potentially disclosing sensitive information. (<a href="https://access.redhat.com/security/cve/CVE-2010-2224">CVE-2010-2224</a>)
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Redhat Enterprise Virtualization Manager | <=2.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-historical
- collector/redhat-cve
- collector/nvd-index
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/weakness
- agent/remedy
- agent/tags
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-2224
- vendor/redhat
- canonical/redhat enterprise virtualization manager
- version/redhat enterprise virtualization manager/2.1