National Cyber Awareness System

Vulnerability Summary for CVE-2008-0928

Overview

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

Impact

CVSS Severity (version 2.0):

CVSS Version 2 Metrics:

References to Advisories, Solutions, and Tools

By selecting these links, you will be leaving NIST webspace. We have provided these links to other web sites because they may have information that would be of interest to you. No inferences should be drawn on account of other sites being referenced, or not, from this page. There may be other web sites that are more appropriate for your purpose. NIST does not necessarily endorse the views expressed, or concur with the facts presented on these sites. Further, NIST does not endorse any commercial products that may be mentioned on these sites. Please address comments about this page to nvd@nist.gov.

External Source: FEDORA

Name: FEDORA-2008-2083

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html

External Source: FEDORA

Name: FEDORA-2008-2057

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html

External Source: CONFIRM

Name: https://bugzilla.redhat.com/show_bug.cgi?id=433560

Hyperlink:https://bugzilla.redhat.com/show_bug.cgi?id=433560

External Source: BID

Name: 28001

Hyperlink:http://www.securityfocus.com/bid/28001

External Source: FEDORA

Name: FEDORA-2008-1993

Hyperlink:http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html

External Source: FEDORA

Name: FEDORA-2008-1973

Hyperlink:http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html

External Source: MANDRIVA

Name: MDVSA-2009:016

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2009:016

External Source: MANDRIVA

Name: MDVSA-2008:162

Hyperlink:http://www.mandriva.com/security/advisories?name=MDVSA-2008:162

External Source: DEBIAN

Name: DSA-1799

Hyperlink:http://www.debian.org/security/2009/dsa-1799

External Source: SECUNIA

Name: 35031

Hyperlink:http://secunia.com/advisories/35031

External Source: SECUNIA

Name: 34642

Hyperlink:http://secunia.com/advisories/34642

External Source: SECUNIA

Name: 29172

Type: Advisory

Hyperlink:http://secunia.com/advisories/29172

External Source: SECUNIA

Name: 29136

Hyperlink:http://secunia.com/advisories/29136

External Source: SECUNIA

Name: 29129

Hyperlink:http://secunia.com/advisories/29129

External Source: OVAL

Name: oval:org.mitre.oval:def:9706

Hyperlink:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:9706

External Source: MLIST

Name: [debian-security] 20080219 qemu unchecked block read/write vulnerability

Hyperlink:http://marc.info/?l=debian-security&m=120343592917055&w=2

External Source: SUSE

Name: SUSE-SR:2009:008

Hyperlink:http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

External Source: FEDORA

Name: FEDORA-2008-2001

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html

External Source: FEDORA

Name: FEDORA-2008-1995

Hyperlink:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html

External Source: REDHAT

Name: RHSA-2008:0194

Hyperlink:http://www.redhat.com/support/errata/RHSA-2008-0194.html

External Source: SECUNIA

Name: 29963

Hyperlink:http://secunia.com/advisories/29963

External Source: SECUNIA

Name: 29081

Hyperlink:http://secunia.com/advisories/29081

References to Check Content

Identifier:oval:org.mitre.oval:def:9706

Check System:http://oval.mitre.org/XMLSchema/oval-definitions-5

Hyperlink:http://oval.mitre.org/repository/data/DownloadDefinition?id=oval:org.mitre.oval:def:9706