PT-2014-5395 · Red Hat · Red Hat Enterprise Virtualization

Published: 2014-08-06 · Updated: 2023-02-13 · CVE-2014-3559

CVSS v2.0: 3.5 (Low)

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Red Hat Enterprise Virtualization version 3.4

Description

The issue concerns the oVirt storage backend, which fails to wipe memory snapshots when a virtual machine (VM) is deleted, even if wipe-after-delete (WAD) is configured for the VM's disk. This allows remote authenticated users with certain credentials to read portions of the deleted VM's memory and obtain sensitive information via an uninitialized storage volume.

Recommendations

For Red Hat Enterprise Virtualization version 3.4, consider configuring additional security measures to protect sensitive information, as the current wipe-after-delete functionality does not fully address the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Related Identifiers

CVE-2014-3559
RHSA-2014:1002

Affected Products

Red Hat Enterprise Virtualization