CVE-2008-0928 Information
Share on:Description
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
Reference
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html http://marc.info/?l=debian-security&m=120343592917055&w=2 http://secunia.com/advisories/29081 http://secunia.com/advisories/29129 http://secunia.com/advisories/29136 http://secunia.com/advisories/29172 http://secunia.com/advisories/29963 http://secunia.com/advisories/34642 http://secunia.com/advisories/35031 http://www.debian.org/security/2009/dsa-1799 http://www.mandriva.com/security/advisories?name=MDVSA-2008:162 http://www.mandriva.com/security/advisories?name=MDVSA-2009:016 http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00830.html http://www.redhat.com/archives/fedora-package-announce/2008-February/msg00850.html http://www.redhat.com/support/errata/RHSA-2008-0194.html http://www.securityfocus.com/bid/28001 https://bugzilla.redhat.com/show_bug.cgi?id=433560 https://oval.cisecurity.org/repository/search/definition/oval3Aorg.mitre.oval3Adef3A9706 https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00852.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00857.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00900.html https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00957.html