CVE-2008-0928

NameCVE-2008-0928
DescriptionQemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-1799-1, DTSA-133-1
Debian Bugs469649, 469654, 469662, 469666

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu (PTS)jessie, jessie (lts)1:2.1+dfsg-12+deb8u23fixed
stretch (security)1:2.8+dfsg-6+deb9u17fixed
stretch (lts), stretch1:2.8+dfsg-6+deb9u19fixed
buster (security), buster, buster (lts)1:3.1+dfsg-8+deb10u12fixed
bullseye1:5.2+dfsg-11+deb11u3fixed
bullseye (security)1:5.2+dfsg-11+deb11u2fixed
bookworm1:7.2+dfsg-7+deb12u7fixed
sid, trixie1:9.2.0+ds-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
kvmsourcelenny60+dfsg-1+lenny1DTSA-133-1
kvmsource(unstable)63+dfsg-1469666
qemusourceetch0.8.2-4etch3DSA-1799-1
qemusourcelenny0.9.1-10lenny1DSA-1799-1
qemusource(unstable)0.9.1+svn20081207-1low469649
xen-3source(unstable)3.2.0-4469662
xen-3.0source(unstable)(unfixed)
xen-unstablesource(unstable)3.2.0-4469654

Search for package or bug name: Reporting problems