CVE-2008-0928

high

Description

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

References

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706

https://bugzilla.redhat.com/show_bug.cgi?id=433560

http://www.securityfocus.com/bid/28001

http://www.redhat.com/support/errata/RHSA-2008-0194.html

http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html

http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html

http://www.mandriva.com/security/advisories?name=MDVSA-2009:016

http://www.mandriva.com/security/advisories?name=MDVSA-2008:162

http://www.debian.org/security/2009/dsa-1799

http://secunia.com/advisories/35031

http://secunia.com/advisories/34642

http://secunia.com/advisories/29963

http://secunia.com/advisories/29172

http://secunia.com/advisories/29136

http://secunia.com/advisories/29129

http://secunia.com/advisories/29081

http://marc.info/?l=debian-security&m=120343592917055&w=2

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

Details

Source: Mitre, NVD

Published: 2008-03-03

Updated: 2024-11-21

Risk Information

CVSS v2

Base Score: 4.7

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:N/A:N

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: High