CVE-2008-1945

QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
VendorProductVersion
qemuqemu
0.9.0
opensuseopensuse
10.3
opensuseopensuse
11.0
opensuseopensuse
11.1
debiandebian_linux
4.0
debiandebian_linux
5.0
canonicalubuntu_linux
8.04
canonicalubuntu_linux
8.10
redhatenterprise_linux_desktop
5.0
redhatenterprise_linux_eus
5.2
redhatenterprise_linux_server
5.0
redhatenterprise_linux_workstation
5.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
bookworm
1:7.2+dfsg-7+deb12u7
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kvm
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
not-affected
intrepid
Fixed 1:72+dfsg-1ubuntu6.1
released
hardy
Fixed 1:62+dfsg-0ubuntu8.1
released
gutsy
ignored
feisty
ignored
dapper
dne
qemu
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
ignored
intrepid
ignored
hardy
ignored
gutsy
ignored
feisty
ignored
dapper
ignored
qemu-kvm
oneiric
not-affected
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
dne
intrepid
dne
hardy
dne
dapper
dne
xen-3.0
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
feisty
ignored
dapper
dne
xen-3.1
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
intrepid
ignored
hardy
ignored
gutsy
ignored
feisty
dne
dapper
dne
xen-3.2
oneiric
dne
natty
dne
maverick
dne
lucid
dne
karmic
dne
jaunty
dne
intrepid
dne
hardy
ignored
gutsy
dne
feisty
dne
dapper
dne
xen-3.3
oneiric
dne
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
dne
gutsy
dne
feisty
dne
dapper
dne
References
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/32063
http://secunia.com/advisories/32088
http://secunia.com/advisories/34642
http://secunia.com/advisories/35031
http://secunia.com/advisories/35062
http://www.debian.org/security/2009/dsa-1799
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
http://www.securityfocus.com/bid/30604
http://www.securitytracker.com/id?1020959
http://www.ubuntu.com/usn/usn-776-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/44269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9905
https://rhn.redhat.com/errata/RHSA-2008-0892.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/32063
http://secunia.com/advisories/32088
http://secunia.com/advisories/34642
http://secunia.com/advisories/35031
http://secunia.com/advisories/35062
http://www.debian.org/security/2009/dsa-1799
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
http://www.securityfocus.com/bid/30604
http://www.securitytracker.com/id?1020959
http://www.ubuntu.com/usn/usn-776-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/44269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9905
https://rhn.redhat.com/errata/RHSA-2008-0892.html