The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable. No vendor patch available.
Red Hat
Privilege Escalation
Enterprise Virtualization
NVD
CVSS 2.0
3.5
EPSS
0.3%