CVE-2010-2223

CWE-2645 documents5 sources

Severity

2.1LOW

EPSS

0.1%

top 77.76%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Enterprise Virtualization Hypervisor

Timeline

PublishedJun 24

Latest updateMay 17

Description

Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages1 packages

▶NVDredhat/enterprise_virtualization_hypervisor5.4-2.1

Patches

Patch: rhn.redhat.com ↗Patch: rhn.redhat.com ↗Patch: rhn.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-q8g8-jjw3-wwpx: Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5↗2022-05-17

▶

CVEList

CVE-2010-2223: Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5↗2010-06-24

▶

📋Vendor Advisories

Red Hat

vdsm: missing VM post-zeroing after removal↗2009-10-22

▶

💬Community

Bugzilla

CVE-2010-2223 vdsm: missing VM post-zeroing after removal↗2010-06-16

▶