PT-2018-10010 · Ovirt · Ovirt
Doran Moppert
·
Published
2018-03-06
·
Updated
2020-02-18
·
CVE-2018-1062
CVSS v3.1
5.3
Medium
| Vector | AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
oVirt versions 4.1.x through 4.1.8
Description
A vulnerability was discovered where the combination of Enable Discard and Wipe After Delete flags for VM disks could cause a disk to be incompletely zeroed when removed from a VM. This could potentially reveal sensitive data to privileged users of another VM if the same storage blocks are later allocated to a new disk.
Recommendations
For oVirt versions 4.1.x through 4.1.8, update to version 4.1.9 or later to resolve the issue.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Ovirt