CVE-2008-1945

EUVD-2008-1944
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
2.1 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 25%
Affected Products (NVD)
VendorProductVersion
qemuqemu
0.9.0
opensuseopensuse
10.3
opensuseopensuse
11.0
opensuseopensuse
11.1
debiandebian_linux
4.0
debiandebian_linux
5.0
canonicalubuntu_linux
8.04
canonicalubuntu_linux
8.10
redhatenterprise_linux_desktop
5.0
redhatenterprise_linux_eus
5.2
redhatenterprise_linux_server
5.0
redhatenterprise_linux_workstation
5.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bookworm
1:7.2+dfsg-7+deb12u7
fixed
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kvm
dapper
dne
feisty
ignored
gutsy
ignored
hardy
Fixed 1:62+dfsg-0ubuntu8.1
released
intrepid
Fixed 1:72+dfsg-1ubuntu6.1
released
jaunty
not-affected
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
qemu
dapper
ignored
feisty
ignored
gutsy
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
qemu-kvm
dapper
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
xen-3.0
dapper
dne
feisty
ignored
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
xen-3.1
dapper
dne
feisty
dne
gutsy
ignored
hardy
ignored
intrepid
ignored
jaunty
dne
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
xen-3.2
dapper
dne
feisty
dne
gutsy
dne
hardy
ignored
intrepid
dne
jaunty
dne
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
xen-3.3
dapper
dne
feisty
dne
gutsy
dne
hardy
dne
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
dne
References
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/32063
http://secunia.com/advisories/32088
http://secunia.com/advisories/34642
http://secunia.com/advisories/35031
http://secunia.com/advisories/35062
http://www.debian.org/security/2009/dsa-1799
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
http://www.securityfocus.com/bid/30604
http://www.securitytracker.com/id?1020959
http://www.ubuntu.com/usn/usn-776-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/44269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9905
https://rhn.redhat.com/errata/RHSA-2008-0892.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/32063
http://secunia.com/advisories/32088
http://secunia.com/advisories/34642
http://secunia.com/advisories/35031
http://secunia.com/advisories/35062
http://www.debian.org/security/2009/dsa-1799
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
http://www.securityfocus.com/bid/30604
http://www.securitytracker.com/id?1020959
http://www.ubuntu.com/usn/usn-776-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/44269
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9905
https://rhn.redhat.com/errata/RHSA-2008-0892.html