CVE-2008-0928

Published: 03 March 2008

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

Priority

Medium

Status

Package Release Status
kvm
Launchpad, Ubuntu, Debian
Upstream Needed

Patches:
Vendor: http://patch-tracking.debian.net/patch/series/view/kvm/72+dfsg-1.1/CVE-2008-0928.patch
qemu
Launchpad, Ubuntu, Debian
Upstream Needed

qemu-kvm
Launchpad, Ubuntu, Debian
Upstream Needs triage

xen-3.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

xen-3.1
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-CVE-2008-0928.patch
Vendor: https://bugzilla.redhat.com/attachment.cgi?id=296004 (improved)
Binaries built from this source package are in Universe and so are supported by the community.
xen-3.2
Launchpad, Ubuntu, Debian
Upstream
Released (3.2.0-4)
Patches:
Vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-CVE-2008-0928.patch
Vendor: https://bugzilla.redhat.com/attachment.cgi?id=296004 (improved)
Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3
Launchpad, Ubuntu, Debian
Upstream Not vulnerable

Notes

AuthorNote
kees
note that the original patch corrupts growable devices, see RH bug
jdstrand
there is now an updated patch in the RH bug 434978
Debian claims that patches break existing images

References

Bugs