CVE-2008-4539 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	7.2 UNKNOWN	LOCAL	LOW		AV:L/AC:L/Au:N/C:C/I:C/A:C

Base Score

CVSS 3.x

EPSS Score

Percentile: 15%

Affected Products (NVD)

Vendor	Product	Version
kvm_qumranet	kvm	𝑥 ≤ 81
qemu	qemu	𝑥 < 0.10.0
canonical	ubuntu_linux	8.04
canonical	ubuntu_linux	8.10
debian	debian_linux	4.0
debian	debian_linux	5.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

qemu

bookworm	1:7.2+dfsg-7+deb12u7 fixed
bullseye	1:5.2+dfsg-11+deb11u3 fixed
bullseye (security)	1:5.2+dfsg-11+deb11u2 fixed
etch	not-affected
sid	1:9.1.1+ds-2 fixed
trixie	1:9.1.1+ds-2 fixed

Ubuntu Releases

Ubuntu Product

Codename

kvm

dapper	dne
gutsy	ignored
hardy	Fixed 1:62+dfsg-0ubuntu8.1 released
intrepid	Fixed 1:72+dfsg-1ubuntu6.1 released
jaunty	not-affected
karmic	dne
lucid	dne
maverick	dne
natty	dne
oneiric	dne

qemu

dapper	ignored
gutsy	ignored
hardy	ignored
intrepid	ignored
jaunty	ignored
karmic	dne
lucid	dne
maverick	dne
natty	dne
oneiric	dne

qemu-kvm

dapper	dne
hardy	dne
intrepid	dne
jaunty	dne
karmic	not-affected
lucid	not-affected
maverick	not-affected
natty	not-affected
oneiric	not-affected

openSUSE / SLES Releases

openSUSE Product

Release

qemu

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-block-curl

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-block-iscsi

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-block-rbd

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-block-ssh

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-guest-agent

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-ipxe

suse enterprise sap 15	1.0.0-7.5 fixed
suse enterprise server 15	1.0.0-7.5 fixed

qemu-kvm

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-lang

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

qemu-seabios

suse enterprise sap 15	1.11.0-7.5 fixed
suse enterprise server 15	1.11.0-7.5 fixed

qemu-sgabios-8

suse enterprise sap 15	7.5 fixed
suse enterprise server 15	7.5 fixed

qemu-vgabios

suse enterprise sap 15	1.11.0-7.5 fixed
suse enterprise server 15	1.11.0-7.5 fixed

qemu-x86

suse enterprise sap 15	2.11.1-7.5 fixed
suse enterprise server 15	2.11.1-7.5 fixed

Common Weakness Enumeration

CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
The software performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

References

http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069

http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

http://secunia.com/advisories/25073

http://secunia.com/advisories/29129

http://secunia.com/advisories/33350

http://secunia.com/advisories/34642

http://secunia.com/advisories/35031

http://secunia.com/advisories/35062

http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5587

http://www.debian.org/security/2009/dsa-1799

http://www.mail-archive.com/cvs-all%40freebsd.org/msg129730.html

http://www.mail-archive.com/secure-testing-commits%40lists.alioth.debian.org/msg09322.html

http://www.ubuntu.com/usn/usn-776-1

https://bugzilla.redhat.com/show_bug.cgi?id=237342

https://bugzilla.redhat.com/show_bug.cgi?id=448525

https://bugzilla.redhat.com/show_bug.cgi?id=466890

https://exchange.xforce.ibmcloud.com/vulnerabilities/47736

https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html

http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069

http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

http://secunia.com/advisories/25073

http://secunia.com/advisories/29129

http://secunia.com/advisories/33350

http://secunia.com/advisories/34642

http://secunia.com/advisories/35031

http://secunia.com/advisories/35062

http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5587

http://www.debian.org/security/2009/dsa-1799

http://www.mail-archive.com/cvs-all%40freebsd.org/msg129730.html

http://www.mail-archive.com/secure-testing-commits%40lists.alioth.debian.org/msg09322.html

http://www.ubuntu.com/usn/usn-776-1

https://bugzilla.redhat.com/show_bug.cgi?id=237342

https://bugzilla.redhat.com/show_bug.cgi?id=448525

https://bugzilla.redhat.com/show_bug.cgi?id=466890

https://exchange.xforce.ibmcloud.com/vulnerabilities/47736

https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1

https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html