Back to search
CVE-2018-1062
Published: Mar 6, 2018
Modified: Sep 17, 2024
PUBLISHED
Description
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of Enable Discard and Wipe After Delete flags for VM disks managed by oVirt, could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.
| Vendor | Product | Versions |
|---|---|---|
oVirt | oVirt | affected 4.1.x before 4.1.9 |
Weaknesses (CWE)
References
https://bugzilla.redhat.com/show_bug.cgi?id=1549944
x_refsource_CONFIRM
RHBA-2018:0135
vendor-advisory
x_refsource_REDHAT
https://gerrit.ovirt.org/#/c/84875/
x_refsource_CONFIRM
https://gerrit.ovirt.org/#/c/84861/
x_refsource_CONFIRM
103433
vdb-entry
x_refsource_BID
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now