CVE-2010-2224
Description
RHEV-M before 2.2 fails to pass the postzero parameter during snapshot merging, leaving deleted VM disk blocks unzeroed and readable by new guest users.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The snapshot merging functionality in Red Hat Enterprise Virtualization Manager (RHEV-M) before version 2.2 does not properly pass the postzero parameter during operations on deleted volumes [1]. This omission means that when a volume is deleted after a snapshot merge, the associated disk blocks are not securely zeroed as intended. The affected versions are all RHEV-M releases prior to 2.2.
Exploitation
An attacker with guest OS access to a new, raw virtual machine (VM) created in a data domain that previously contained deleted VMs can read limited data from those deleted VMs [1]. The attacker must be able to read raw disk blocks of the new VM, which may contain residual data from the deleted VM's disk blocks. No special privileges beyond guest access are required; the attack is feasible from within the guest operating system.
Impact
Successful exploitation allows a guest user to obtain sensitive information from the disk blocks of a deleted virtual machine, potentially disclosing confidential data [1]. The impact is limited to information disclosure; no code execution or privilege escalation is achieved. The scope is confined to reading residual data from previously deleted VMs on the same data domain.
Mitigation
Red Hat released RHEV-M version 2.2 which fixes the issue by correctly passing the postzero parameter [1]. Users should upgrade to RHEV-M 2.2 or later. No workaround is documented. The vulnerability is not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog.
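To make the mechanism described above concrete, here is an added toy simulation of a data domain whose freed blocks are recycled into a new raw volume. It is not RHEV-M code: the DataDomain class, its delete_volume(postzero=...) keyword and the 16-byte block layout are constructed assumptions that mirror the described behaviour (blocks of a deleted volume are returned to the pool and later handed to a new raw volume). Running the scenario with postzero=False reproduces the residual-data condition; postzero=True shows the corrected path. An audit helper lists free blocks that still hold non-zero data, the kind of check a storage administrator might adapt to confirm that released extents are actually scrubbed.

```python
"""Toy model of a data-domain block pool, illustrating why the postzero flag matters.

Added illustration for CVE-2010-2224; not RHEV-M code. DataDomain, its
`postzero` keyword and the block sizes are constructed assumptions.
"""
from __future__ import annotations

BLOCK_SIZE = 16                 # bytes per block in this toy pool (constructed)
ZERO_BLOCK = bytes(BLOCK_SIZE)  # what a properly scrubbed block looks like


class DataDomain:
    """A pool of fixed-size blocks shared by every volume on the domain."""

    def __init__(self, num_blocks: int) -> None:
        self.blocks = [bytearray(ZERO_BLOCK) for _ in range(num_blocks)]
        self.free: list[int] = list(range(num_blocks))  # indices free for reuse
        self.volumes: dict[str, list[int]] = {}

    def create_volume(self, name: str, num_blocks: int) -> list[int]:
        """Allocate blocks for a new raw volume. As with a raw allocation,
        nothing is written to the blocks at creation time."""
        if len(self.free) < num_blocks:
            raise RuntimeError("domain full")
        owned = [self.free.pop(0) for _ in range(num_blocks)]  # oldest free first
        self.volumes[name] = owned
        return owned

    def write(self, name: str, block_no: int, data: bytes) -> None:
        """Write one block of a volume (padded/truncated to BLOCK_SIZE)."""
        idx = self.volumes[name][block_no]
        self.blocks[idx][:] = data.ljust(BLOCK_SIZE, b"\0")[:BLOCK_SIZE]

    def read(self, name: str, block_no: int) -> bytes:
        """Read one block of a volume, exactly as a guest reading raw disk would."""
        return bytes(self.blocks[self.volumes[name][block_no]])

    def delete_volume(self, name: str, postzero: bool) -> None:
        """Release a volume's blocks back to the pool.

        postzero=True overwrites each block with zeros before it is freed
        (the corrected behaviour). postzero=False, modelling the pre-2.2
        merge path that dropped the parameter, leaves the contents in place
        for whichever volume is allocated next.
        """
        for idx in self.volumes.pop(name):
            if postzero:
                self.blocks[idx][:] = ZERO_BLOCK
            self.free.append(idx)


def residual_bytes_after_reuse(postzero: bool) -> bytes:
    """Scenario: an old VM stores data, is deleted, and a new raw VM is
    created on the same (nearly full) domain and reads its untouched first
    block. Returns whatever that block contains."""
    domain = DataDomain(num_blocks=2)          # small so freed blocks are reused
    domain.create_volume("old_vm", 2)
    domain.write("old_vm", 0, b"SECRET-DB-PASSWD")  # constructed sample data
    domain.delete_volume("old_vm", postzero=postzero)
    domain.create_volume("new_vm", 2)          # receives the recycled blocks
    return domain.read("new_vm", 0)


def audit_free_blocks(domain: DataDomain) -> list[int]:
    """Defender-side check: free-list blocks that still hold non-zero data,
    i.e. blocks released without post-delete zeroing."""
    return [i for i in domain.free if bytes(domain.blocks[i]) != ZERO_BLOCK]


if __name__ == "__main__":
    print("without postzero:", residual_bytes_after_reuse(postzero=False))
    print("with postzero:   ", residual_bytes_after_reuse(postzero=True))
```

The important detail is in create_volume: a raw volume is handed blocks as-is, so the only thing standing between a new guest and the previous tenant's data is the zeroing step at deletion. That is why a dropped postzero flag on one code path (here, the merge-then-delete sequence) is enough to expose data, and why an audit of the free list rather than of live volumes is the right place to look for the symptom.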
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:redhat:enterprise_virtualization_manager:*:*:*:*:*:*:*:* (range: <=2.1)
- (no CPE) (range: <2.2)
Patches
No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
- rhn.redhat.com/errata/RHSA-2010-0478.html (nvd; Patch, Vendor Advisory)
- www.securityfocus.com/bid/41045 (nvd)
- bugzilla.redhat.com/show_bug.cgi (nvd)
News mentions
No linked articles in our index yet.