Vulnerability CVE-2008-0928: Information

Description

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

Severity: MEDIUM (4.7)

URL: https://nvd.nist.gov/vuln/detail/CVE-2008-0928

Published: March 4, 2008

Modified: Nov. 2, 2020

Error type identifier: CWE-264

References to Advisories, Solutions, and Tools

Hyperlink	Resource
[debian-security] 20080219 qemu unchecked block read/write vulnerability
https://bugzilla.redhat.com/show_bug.cgi?id=433560
FEDORA-2008-2057
FEDORA-2008-2083
29172	Vendor Advisory
FEDORA-2008-1995
FEDORA-2008-2001
29081
RHSA-2008:0194
29963
MDVSA-2008:162
FEDORA-2008-1993
28001
29136
FEDORA-2008-1973
29129
MDVSA-2009:016
SUSE-SR:2009:008
34642
DSA-1799
35031
oval:org.mitre.oval:def:9706

Affected configurations:
1. Configuration 1
  cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*
  cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*

Version: v24.5.3

Vulnerability CVE-2008-0928: Information

Description

References to Advisories, Solutions, and Tools

Configuration 1