CVE-2008-0928

Published: Mar 3, 2008Modified: Apr 23, 2026

4.7

Vector

AV:L/AC:M/Au:N/C:C/I:N/A:N

Exploitability: 3.4 / Impact: 6.9

Source: NVD

Description

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

Affected (29)

Products: Qemu: Qemu

1 product

Configuration A

29 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Version 0.1.0
Qemu Qemu	Version 0.1.1
Qemu Qemu	Version 0.1.2
Qemu Qemu	Version 0.1.3
Qemu Qemu	Version 0.1.4
Qemu Qemu	Version 0.1.5
Qemu Qemu	Version 0.1.6
Qemu Qemu	Version 0.2.0
Qemu Qemu	Version 0.3.0
Qemu Qemu	Version 0.4.0
Qemu Qemu	Version 0.4.1
Qemu Qemu	Version 0.4.2
Qemu Qemu	Version 0.4.3
Qemu Qemu	Version 0.5.0
Qemu Qemu	Version 0.5.1
Qemu Qemu	Version 0.5.2
Qemu Qemu	Version 0.5.3
Qemu Qemu	Version 0.5.4
Qemu Qemu	Version 0.5.5
Qemu Qemu	Version 0.6.0
Qemu Qemu	Version 0.6.1
Qemu Qemu	Version 0.7.0
Qemu Qemu	Version 0.7.1
Qemu Qemu	Version 0.7.2
Qemu Qemu	Version 0.8.0
Qemu Qemu	Version 0.8.1
Qemu Qemu	Version 0.8.2
Qemu Qemu	Version 0.9.0
Qemu Qemu	Version 0.9.1

Related CWEs

References (44)

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

Source: cve@mitre.org

http://marc.info/?l=debian-security&m=120343592917055&w=2

Source: cve@mitre.org

http://secunia.com/advisories/29081

Source: cve@mitre.org

http://secunia.com/advisories/29129

Source: cve@mitre.org

http://secunia.com/advisories/29136

Source: cve@mitre.org

http://secunia.com/advisories/29172

Source: cve@mitre.org

Vendor Advisory

http://secunia.com/advisories/29963

Source: cve@mitre.org

http://secunia.com/advisories/34642

Source: cve@mitre.org

http://secunia.com/advisories/35031

Source: cve@mitre.org

http://www.debian.org/security/2009/dsa-1799

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2008:162

Source: cve@mitre.org

http://www.mandriva.com/security/advisories?name=MDVSA-2009:016

Source: cve@mitre.org

http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html

Source: cve@mitre.org

http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html

Source: cve@mitre.org

http://www.redhat.com/support/errata/RHSA-2008-0194.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/28001

Source: cve@mitre.org

https://bugzilla.redhat.com/show_bug.cgi?id=433560

Source: cve@mitre.org

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html

Source: cve@mitre.org

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://marc.info/?l=debian-security&m=120343592917055&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29081

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29129

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29136

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/29172

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://secunia.com/advisories/29963

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/34642

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/35031

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.debian.org/security/2009/dsa-1799

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2008:162

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.mandriva.com/security/advisories?name=MDVSA-2009:016

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.redhat.com/support/errata/RHSA-2008-0194.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/28001

Source: af854a3a-2127-422b-91ae-364da2661108

https://bugzilla.redhat.com/show_bug.cgi?id=433560

Source: af854a3a-2127-422b-91ae-364da2661108

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.