CVE-2018-1062
First published: Wed Feb 28 2018(Updated: )
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/ovirt-engine | <4.1.9 | 4.1.9 |
| Redhat Ovirt-engine | >=4.1.0<4.1.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2018-1062.
What is the severity of CVE-2018-1062?
The severity of CVE-2018-1062 is medium with a severity value of 5.3.
What is the affected software for CVE-2018-1062?
The affected software for CVE-2018-1062 is oVirt 4.1.x before 4.1.9.
How can CVE-2018-1062 be exploited?
CVE-2018-1062 can be exploited when the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt is used, which could cause a disk to be incompletely zeroed when removed from a VM.
How can CVE-2018-1062 be fixed?
CVE-2018-1062 can be fixed by updating oVirt to version 4.1.9.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2018-1062
- agent/software-canonical-lookup
- agent/tags
- agent/event
- vendor/redhat
- canonical/redhat ovirt-engine
- version/redhat ovirt-engine/4.1.0
- package-manager/redhat