CVE-2018-1062 is a vulnerability in Red Hat Ovirt Engine
Published on March 6, 2018
A vulnerability was discovered in oVirt 4.1.x before 4.1.9, where the combination of the Enable Discard and Wipe After Delete flags for VM disks managed by oVirt could cause a disk to be incompletely zeroed when removed from a VM. If the same storage blocks happen to be later allocated to a new disk attached to another VM, potentially sensitive data could be revealed to privileged users of that VM.
Weakness Type
Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.
Products Associated with CVE-2018-1062
Affected Versions
oVirt Version 4.1.x before 4.1.9 is affected by CVE-2018-1062
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.