CVE-2010-2224

Loading...

General

Score:2.1/10.0
Severity:Low
Category:Access Control Error
Exploit:Available

Impact Metrics

Confidentiality:Partial
Integrity:None
Availability:None

Exploitability Metrics

Access Vector:Local
Access Complexity:Low
Authentication:None

Published on 24/06/10 - Updated on 15/01/13

Description

The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (aka RHEV-M) before 2.2 does not properly pass the postzero parameter during operations on deleted volumes, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.

Category: Access Control Error

CWE-264 (Permissions, Privileges, and Access Control)
Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.

Security Notices

US National Vulnerability DatabaseCVE-2010-2224

Exploits

SecurityFocusBID-41045

Relative technologies

VendorProduct
redhatenterprise_virtualization_manager

Share this vulnerability with:

Twitter Facebook LinkedIn Mail