CVE-2008-0928
Published: 3 March 2008
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
Priority
Status
Package | Release | Status |
---|---|---|
kvm Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Needed
(reached end-of-life)
|
|
gutsy |
Needed
(reached end-of-life)
|
|
hardy |
Released
(1:62+dfsg-0ubuntu3)
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Needed
|
|
Patches: vendor: http://patch-tracking.debian.net/patch/series/view/kvm/72+dfsg-1.1/CVE-2008-0928.patch |
||
qemu Launchpad, Ubuntu, Debian |
dapper |
Ignored
(reached end-of-life)
|
edgy |
Needed
(reached end-of-life)
|
|
feisty |
Needed
(reached end-of-life)
|
|
gutsy |
Needed
(reached end-of-life)
|
|
hardy |
Ignored
(reached end-of-life)
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Needed
|
|
qemu-kvm Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Not vulnerable
|
|
precise |
Not vulnerable
|
|
upstream |
Needs triage
|
|
xen-3.0 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Needs triage
(reached end-of-life)
|
|
feisty |
Needs triage
(reached end-of-life)
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Needs triage
|
|
xen-3.1 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Needed
(reached end-of-life)
|
|
hardy |
Ignored
(reached end-of-life)
|
|
intrepid |
Needed
(reached end-of-life)
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Needs triage
|
|
Patches: vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-CVE-2008-0928.patch vendor: https://bugzilla.redhat.com/attachment.cgi?id=296004 (improved) |
||
Binaries built from this source package are in Universe and so are supported by the community. | ||
xen-3.2 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Ignored
(reached end-of-life)
|
|
intrepid |
Does not exist
|
|
jaunty |
Does not exist
|
|
karmic |
Does not exist
|
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Released
(3.2.0-4)
|
|
Patches: vendor: http://people.ubuntu.com/~kees/qemu/xen-qemu-CVE-2008-0928.patch vendor: https://bugzilla.redhat.com/attachment.cgi?id=296004 (improved) |
||
Binaries built from this source package are in Universe and so are supported by the community. | ||
xen-3.3 Launchpad, Ubuntu, Debian |
dapper |
Does not exist
|
edgy |
Does not exist
|
|
feisty |
Does not exist
|
|
gutsy |
Does not exist
|
|
hardy |
Does not exist
|
|
intrepid |
Not vulnerable
|
|
jaunty |
Not vulnerable
|
|
karmic |
Not vulnerable
|
|
lucid |
Not vulnerable
|
|
maverick |
Not vulnerable
|
|
natty |
Not vulnerable
|
|
oneiric |
Does not exist
|
|
precise |
Does not exist
|
|
upstream |
Not vulnerable
|