CVE-2008-0928

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.7 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
qemuqemu
0.1.0
qemuqemu
0.1.1
qemuqemu
0.1.2
qemuqemu
0.1.3
qemuqemu
0.1.4
qemuqemu
0.1.5
qemuqemu
0.1.6
qemuqemu
0.2.0
qemuqemu
0.3.0
qemuqemu
0.4.0
qemuqemu
0.4.1
qemuqemu
0.4.2
qemuqemu
0.4.3
qemuqemu
0.5.0
qemuqemu
0.5.1
qemuqemu
0.5.2
qemuqemu
0.5.3
qemuqemu
0.5.4
qemuqemu
0.5.5
qemuqemu
0.6.0
qemuqemu
0.6.1
qemuqemu
0.7.0
qemuqemu
0.7.1
qemuqemu
0.7.2
qemuqemu
0.8.0
qemuqemu
0.8.1
qemuqemu
0.8.2
qemuqemu
0.9.0
qemuqemu
0.9.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
bookworm
1:7.2+dfsg-7+deb12u7
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kvm
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
not-affected
intrepid
not-affected
hardy
Fixed 1:62+dfsg-0ubuntu3
released
gutsy
ignored
feisty
ignored
edgy
dne
dapper
dne
qemu
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
not-affected
intrepid
not-affected
hardy
ignored
gutsy
ignored
feisty
ignored
edgy
ignored
dapper
ignored
qemu-kvm
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
dne
intrepid
dne
hardy
dne
dapper
dne
xen-3.0
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
feisty
ignored
edgy
ignored
dapper
dne
xen-3.1
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
intrepid
ignored
hardy
ignored
gutsy
ignored
feisty
dne
edgy
dne
dapper
dne
xen-3.2
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
intrepid
dne
hardy
ignored
gutsy
dne
feisty
dne
edgy
dne
dapper
dne
xen-3.3
oneiric
dne
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
dne
gutsy
dne
feisty
dne
edgy
dne
dapper
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://marc.info/?l=debian-security&m=120343592917055&w=2
http://secunia.com/advisories/29081
http://secunia.com/advisories/29129
http://secunia.com/advisories/29136
http://secunia.com/advisories/29172
http://secunia.com/advisories/29963
http://secunia.com/advisories/34642
http://secunia.com/advisories/35031
http://www.debian.org/security/2009/dsa-1799
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
http://www.mandriva.com/security/advisories?name=MDVSA-2009:016
http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html
http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html
http://www.redhat.com/support/errata/RHSA-2008-0194.html
http://www.securityfocus.com/bid/28001
https://bugzilla.redhat.com/show_bug.cgi?id=433560
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://marc.info/?l=debian-security&m=120343592917055&w=2
http://secunia.com/advisories/29081
http://secunia.com/advisories/29129
http://secunia.com/advisories/29136
http://secunia.com/advisories/29172
http://secunia.com/advisories/29963
http://secunia.com/advisories/34642
http://secunia.com/advisories/35031
http://www.debian.org/security/2009/dsa-1799
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
http://www.mandriva.com/security/advisories?name=MDVSA-2009:016
http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html
http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html
http://www.redhat.com/support/errata/RHSA-2008-0194.html
http://www.securityfocus.com/bid/28001
https://bugzilla.redhat.com/show_bug.cgi?id=433560
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html