CVE-2008-0928

Common Vulnerabilities and Exposures

CVE-2008-0928 at MITRE

Details

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

Novell Bugzilla entry: 362956

SUSE Security Advisories:

SUSE-SR:2009:008 , published Mon, 06 Apr 2009 15:00:00 +0000

Product(s)	Fixed package version(s)	References
openSUSE 10.3	`qemu >= 0.10.1-0.1`
openSUSE 11.0	`qemu-debuginfo >= 0.10.1-0.1` `qemu-debugsource >= 0.10.1-0.1`	SAT Patch Nr: 691
openSUSE 11.0	`qemu >= 0.10.1-0.1`	SAT Patch Nr: 691
openSUSE 11.1	`qemu-debuginfo >= 0.10.1-0.1.1` `qemu-debugsource >= 0.10.1-0.1.1`	SAT Patch Nr: 691
openSUSE 11.1	`qemu >= 0.10.1-0.1.1`	SAT Patch Nr: 691
SLE SDK 10 SP2 for IPF SLE SDK 10 SP2 for X86-64 SLE SDK 10 SP2 for x86 SUSE Linux Enterprise Desktop Thin Client for x86	`qemu >= 0.8.2-37.9`	sles10-sp2-sdk. ia64 SUSE Linux Enterprise Thin Client 10 SP2 x86 sles10-sp2-sdk. x86 sles10-sp2-sdk. x86-64 ZYPP Patch Nr: 6127
SLES 11 DEBUGINFO	`qemu-debuginfo >= 0.10.1-0.1.1` `qemu-debugsource >= 0.10.1-0.1.1`	sle11-debuginfo. x86 sle11-debuginfo. x86-64 sle11-debuginfo. x86-64 sle11-debuginfo. x86 SAT Patch Nr: 692
SLE 11	`qemu >= 0.10.1-0.1.1`	sle11-debuginfo. x86 sle11-debuginfo. x86-64 sle11-debuginfo. x86-64 sle11-debuginfo. x86 SAT Patch Nr: 692