CVE 2008-0928
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
Related bugs and status
CVE-2008-0928 (Candidate) is related to these bugs:
Bug #125302: kvm-ifup fails to initialize tap networking
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 125302 | kvm-ifup fails to initialize tap networking | kvm (Ubuntu) | Medium | Fix Released | ||
Bug #213570: kvm vulnerable to several CVEs
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 213570 | kvm vulnerable to several CVEs | kvm (Ubuntu) | High | Fix Released | ||
| 213570 | kvm vulnerable to several CVEs | kvm (Ubuntu Feisty) | Undecided | Won't Fix | ||
| 213570 | kvm vulnerable to several CVEs | kvm (Ubuntu Gutsy) | Undecided | Won't Fix | ||
| 213570 | kvm vulnerable to several CVEs | qemu (Ubuntu) | Undecided | Fix Released | ||
| 213570 | kvm vulnerable to several CVEs | qemu (Ubuntu Feisty) | Undecided | Won't Fix | ||
| 213570 | kvm vulnerable to several CVEs | qemu (Ubuntu Gutsy) | Undecided | Won't Fix | ||
| 213570 | kvm vulnerable to several CVEs | kvm (Ubuntu Dapper) | Undecided | Invalid | ||
| 213570 | kvm vulnerable to several CVEs | qemu (Ubuntu Dapper) | Undecided | Won't Fix | ||
| 213570 | kvm vulnerable to several CVEs | kvm (Ubuntu Edgy) | Undecided | Invalid | ||
| 213570 | kvm vulnerable to several CVEs | qemu (Ubuntu Edgy) | Undecided | Invalid | ||
| 213570 | kvm vulnerable to several CVEs | kvm (Ubuntu Hardy) | Undecided | Fix Released | ||
| 213570 | kvm vulnerable to several CVEs | qemu (Ubuntu Hardy) | Undecided | Fix Released | ||
| 213570 | kvm vulnerable to several CVEs | kvm (Fedora) | High | Fix Released | ||
Bug #316521: merge kvm-82 into ubuntu
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 316521 | merge kvm-82 into ubuntu | kvm (Ubuntu) | Undecided | Fix Released | ||
Bug #341237: Please sync qemu 0.10.0-1 (universe) from Debian unstable (main).
| Summary | In | Importance | Status | |||
|---|---|---|---|---|---|---|
| 341237 | Please sync qemu 0.10.0-1 (universe) from Debian unstable (main). | qemu (Ubuntu) | Medium | Fix Released | ||
See the 
CVE page on Mitre.org
for more details.
