Vulnerability Details : CVE-2008-0928
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
Products affected by CVE-2008-0928
- cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-0928
0.07%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 33 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-0928
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.7
|
MEDIUM | AV:L/AC:M/Au:N/C:C/I:N/A:N |
3.4
|
6.9
|
NIST |
CWE ids for CVE-2008-0928
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2008-0928
-
https://bugzilla.redhat.com/show_bug.cgi?id=433560
433560 – (CVE-2008-0928) CVE-2008-0928 Qemu insufficient block device address range checking
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html
[SECURITY] Fedora 7 Update: qemu-0.9.0-4.fc7
-
http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html
[SECURITY] Fedora 8 Update: kvm-60-2.fc8
-
http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
Mandriva
-
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
[security-announce] SUSE Security Summary Report: SUSE-SR:2009:008 - openSUSE Security Announce - openSUSE Mailing Lists
-
http://marc.info/?l=debian-security&m=120343592917055&w=2
'qemu unchecked block read/write vulnerability' - MARC
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html
[SECURITY] Fedora 7 Update: xen-3.1.2-2.fc7
-
http://www.securityfocus.com/bid/28001
-
http://www.redhat.com/support/errata/RHSA-2008-0194.html
Support
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html
[SECURITY] Fedora 8 Update: qemu-0.9.0-6.fc8
-
http://www.mandriva.com/security/advisories?name=MDVSA-2009:016
Mandriva
-
http://www.debian.org/security/2009/dsa-1799
[SECURITY] [DSA 1799-1] New qemu packages fix several vulnerabilities
-
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706
404 Not Found
-
https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html
[SECURITY] Fedora 8 Update: xen-3.1.2-2.fc8
-
http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html
[SECURITY] Fedora 7 Update: kvm-36-8.fc7
Jump to