CVE-2010-2224

CWE-264 | 5 documents | 5 sources
Severity: 2.1 LOW
EPSS: 0.1% (top 79.05%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Jun 24 | Latest update May 17

Description

The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.

CVSS vector

AV:L/AC:L/C:P/I:N/A:N
Exploitability: 3.9 | Impact: 2.9

Affected Packages: 1 package

Patches

🔴 Vulnerability Details (2)

GHSA
GHSA-fg8w-q7cx-53jm: The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2 | 2022-05-17
CVEList
CVE-2010-2224: The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2 | 2010-06-24

📋 Vendor Advisories (1)

Red Hat
rhev-m: merge snapshot does not pass postzero parameter for deleted volumes | 2010-06-22

💬 Community (1)

Bugzilla
CVE-2010-2224 rhev-m: merge snapshot does not pass postzero parameter for deleted volumes | 2010-06-22
CVE-2010-2224 (LOW CVSS 2.1) | The snapshot merging functionality | cvebase.io