{
  "threat_severity" : "Moderate",
  "public_date" : "2009-10-22T00:00:00Z",
  "bugzilla" : {
    "description" : "vdsm: missing VM post-zeroing after removal",
    "id" : "604752",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=604752"
  },
  "cvss" : {
    "cvss_base_score" : "2.1",
    "cvss_scoring_vector" : "AV:L/AC:L/Au:N/C:P/I:N/A:N",
    "status" : "verified"
  },
  "details" : [ "Virtual Desktop Server Manager (VDSM) in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 does not properly perform VM post-zeroing after the removal of a virtual machine's data, which allows guest OS users to obtain sensitive information by examining the disk blocks associated with a deleted virtual machine.", "Previously, the ISO image domain could not be shared with multiple Data Centers. The user had to define an independent ISO domain for each Data Center. With this update, the ISO image domain can be shared between multiple Data Centers." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Virtualization for RHEL-5",
    "release_date" : "2010-06-22T00:00:00Z",
    "advisory" : "RHSA-2010:0473",
    "cpe" : "cpe:/a:redhat:enterprise_linux:5::hypervisor",
    "package" : "vdsm22-0:4.5-62.el5rhev"
  }, {
    "product_name" : "Red Hat Enterprise Virtualization for RHEL-5",
    "release_date" : "2010-06-22T00:00:00Z",
    "advisory" : "RHSA-2010:0476",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5::hypervisor",
    "package" : "rhev-hypervisor-0:5.5-2.2.4.2.el5rhev"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2010-2223\nhttps://nvd.nist.gov/vuln/detail/CVE-2010-2223" ],
  "name" : "CVE-2010-2223",
  "csaw" : false
}