CVE-2008-0928

Severity

47%

Complexity

34%

Confidentiality

115%

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

CVSS 2.0 Base Score 4.7. CVSS Attack Vector: local. CVSS Attack Complexity: medium. CVSS Vector: (AV:L/AC:M/Au:N/C:C/I:N/A:N).

Overview

Type

QEMU

First reported 16 years ago

2008-03-03 22:44:00

Last updated 7 years ago

2017-09-29 01:30:00

Affected Software

QEMU 0.1

0.1

QEMU 0.1.1

0.1.1

QEMU 0.1.2

0.1.2

QEMU 0.1.3

0.1.3

QEMU 0.1.4

0.1.4

QEMU 0.1.5

0.1.5

QEMU 0.1.6

0.1.6

QEMU 0.2

0.2

QEMU 0.3

0.3

QEMU 0.4

0.4

QEMU 0.4.1

0.4.1

QEMU 0.4.2

0.4.2

QEMU 0.4.3

0.4.3

QEMU 0.5.0

0.5.0

QEMU 0.5.1

0.5.1

QEMU 0.5.2

0.5.2

QEMU 0.5.3

0.5.3

QEMU 0.5.4

0.5.4

QEMU 0.5.5

0.5.5

QEMU 0.6.0

0.6.0

QEMU 0.6.1

0.6.1

QEMU 0.7.0

0.7.0

QEMU 0.7.1

0.7.1

QEMU 0.7.2

0.7.2

QEMU 0.8.0

0.8.0

QEMU 0.8.1

0.8.1

QEMU 0.8.2

0.8.2

QEMU 0.9.0

0.9.0

QEMU 0.9.1

0.9.1

References

SUSE-SR:2009:008

[debian-security] 20080219 qemu unchecked block read/write vulnerability

29081

29129

29136

29172

Vendor Advisory

29963

34642

35031

DSA-1799

MDVSA-2008:162

MDVSA-2009:016

FEDORA-2008-1973

FEDORA-2008-1993

RHSA-2008:0194

28001

https://bugzilla.redhat.com/show_bug.cgi?id=433560

oval:org.mitre.oval:def:9706

FEDORA-2008-1995

FEDORA-2008-2001

FEDORA-2008-2057

FEDORA-2008-2083

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.