CVE-2008-4539

EUVD-2008-4520
Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow.  NOTE: this issue exists because of an incorrect fix for CVE-2007-1320.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.2 UNKNOWN
LOCAL
LOW
AV:L/AC:L/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 14%
Affected Products (NVD)
VendorProductVersion
kvm_qumranetkvm
𝑥
≤ 81
qemuqemu
𝑥
< 0.10.0
canonicalubuntu_linux
8.04
canonicalubuntu_linux
8.10
debiandebian_linux
4.0
debiandebian_linux
5.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bookworm
1:7.2+dfsg-7+deb12u7
fixed
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
etch
not-affected
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kvm
dapper
dne
gutsy
ignored
hardy
Fixed 1:62+dfsg-0ubuntu8.1
released
intrepid
Fixed 1:72+dfsg-1ubuntu6.1
released
jaunty
not-affected
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
qemu
dapper
ignored
gutsy
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
qemu-kvm
dapper
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
Common Weakness Enumeration
References
http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069
http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/25073
http://secunia.com/advisories/29129
http://secunia.com/advisories/33350
http://secunia.com/advisories/34642
http://secunia.com/advisories/35031
http://secunia.com/advisories/35062
http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5587
http://www.debian.org/security/2009/dsa-1799
http://www.mail-archive.com/cvs-all%40freebsd.org/msg129730.html
http://www.mail-archive.com/secure-testing-commits%40lists.alioth.debian.org/msg09322.html
http://www.ubuntu.com/usn/usn-776-1
https://bugzilla.redhat.com/show_bug.cgi?id=237342
https://bugzilla.redhat.com/show_bug.cgi?id=448525
https://bugzilla.redhat.com/show_bug.cgi?id=466890
https://exchange.xforce.ibmcloud.com/vulnerabilities/47736
https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html
http://git.kernel.dk/?p=qemu.git%3Ba=commitdiff%3Bh=65d35a09979e63541afc5bfc595b9f1b1b4ae069
http://groups.google.com/group/linux.debian.changes.devel/msg/9e0dc008572f2867?dmode=source
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/25073
http://secunia.com/advisories/29129
http://secunia.com/advisories/33350
http://secunia.com/advisories/34642
http://secunia.com/advisories/35031
http://secunia.com/advisories/35062
http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5587
http://www.debian.org/security/2009/dsa-1799
http://www.mail-archive.com/cvs-all%40freebsd.org/msg129730.html
http://www.mail-archive.com/secure-testing-commits%40lists.alioth.debian.org/msg09322.html
http://www.ubuntu.com/usn/usn-776-1
https://bugzilla.redhat.com/show_bug.cgi?id=237342
https://bugzilla.redhat.com/show_bug.cgi?id=448525
https://bugzilla.redhat.com/show_bug.cgi?id=466890
https://exchange.xforce.ibmcloud.com/vulnerabilities/47736
https://launchpad.net/ubuntu/jaunty/+source/qemu/0.9.1+svn20081112-1ubuntu1
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html