CVE - CVE-2008-0928

CVE-ID
CVE-2008-0928	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:28001 URL:http://www.securityfocus.com/bid/28001 CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=433560 DEBIAN:DSA-1799 URL:http://www.debian.org/security/2009/dsa-1799 FEDORA:FEDORA-2008-1973 URL:http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html FEDORA:FEDORA-2008-1993 URL:http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html FEDORA:FEDORA-2008-1995 URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html FEDORA:FEDORA-2008-2001 URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html FEDORA:FEDORA-2008-2057 URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html FEDORA:FEDORA-2008-2083 URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html MANDRIVA:MDVSA-2008:162 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2008:162~~ (Obsolete source) MANDRIVA:MDVSA-2009:016 URL:~~http://www.mandriva.com/security/advisories?name=MDVSA-2009:016~~ (Obsolete source) MLIST:[debian-security] 20080219 qemu unchecked block read/write vulnerability URL:http://marc.info/?l=debian-security&m=120343592917055&w=2 OVAL:oval:org.mitre.oval:def:9706 URL:https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9706 REDHAT:RHSA-2008:0194 URL:http://www.redhat.com/support/errata/RHSA-2008-0194.html SECUNIA:29081 URL:http://secunia.com/advisories/29081 SECUNIA:29129 URL:http://secunia.com/advisories/29129 SECUNIA:29136 URL:http://secunia.com/advisories/29136 SECUNIA:29172 URL:http://secunia.com/advisories/29172 SECUNIA:29963 URL:http://secunia.com/advisories/29963 SECUNIA:34642 URL:http://secunia.com/advisories/34642 SECUNIA:35031 URL:http://secunia.com/advisories/35031 SUSE:SUSE-SR:2009:008 URL:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
Assigning CNA
MITRE Corporation
Date Record Created
20080225	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080225)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)