CVE-2008-0928

Name: CVE-2008-0928
Description: Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
References: DSA-1799-1, DTSA-133-1
NVD severity: medium (attack range: local)
Debian Bugs: 469649, 469654, 469662, 469666

Vulnerable and fixed packages

The table below lists information on source packages.

| Source Package | Release | Version | Status |
|---|---|---|---|
| qemu (PTS) | wheezy | 1.1.2+dfsg-6a+deb7u12 | fixed |
| | wheezy (security) | 1.1.2+dfsg-6+deb7u23 | fixed |
| | jessie (security), jessie | 1:2.1+dfsg-12+deb8u6 | fixed |
| | stretch | 1:2.8+dfsg-6 | fixed |
| | stretch (security) | 1:2.8+dfsg-6+deb9u2 | fixed |
| | buster, sid | 1:2.8+dfsg-7 | fixed |

The information below is based on the following data on fixed versions.

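| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| kvm | source | (unstable) | 63+dfsg-1 | medium | | 469666 |
| kvm | source | lenny | 60+dfsg-1+lenny1 | medium | DTSA-133-1 | |
| qemu | source | (unstable) | 0.9.1+svn20081207-1 | low | | 469649 |
| qemu | source | etch | 0.8.2-4etch3 | medium | DSA-1799-1 | |
| qemu | source | lenny | 0.9.1-10lenny1 | medium | DSA-1799-1 | |
| xen-3 | source | (unstable) | 3.2.0-4 | medium | | 469662 |
| xen-3.0 | source | (unstable) | (unfixed) | medium | | |
| xen-unstable | source | (unstable) | 3.2.0-4 | medium | | 469654 |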
