CVE-2008-2004
Advisory lineage Upstream: 0 Downstream: 3
Downstream
Modified
Published: 12 May 2008, 22:00
Last modified:07 Aug 2024, 08:41
Vulnerability Summary
Overall Risk (default)
medium
30/100 CVSS Score
4.9 MEDIUM
v2.0 (nvd)
EPSS Score
0.09% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
1 found
Dark Web
Not detected
Timeline
12 May 2008, 22:00
Published
Vulnerability first disclosed
07 Aug 2024, 08:41
Last Modified
Vulnerability information updated
Description
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.
CVSS Metrics
- v2.0•MEDIUM•Score: 4.9AV:L/AC:L/Au:N/C:C/I:N/A:N
EPSS Trends
Current EPSS score: 0.09%• Percentile: 26%
Techniques & Countermeasures
- CWE-200•Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
Affected Systems
- qemu•qemu
0.9.1
References (14)
- http://secunia.com/advisories/35062
- http://www.redhat.com/support/errata/RHSA-2008-0194.html
- http://www.securityfocus.com/bid/29101
- http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00675.html
- http://www.mandriva.com/security/advisories?name=MDVSA-2008:162
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11021
- http://www.ubuntu.com/usn/usn-776-1
- http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4277
- http://secunia.com/advisories/29963
- http://secunia.com/advisories/29129
- http://secunia.com/advisories/30111
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42268
- http://www.novell.com/linux/security/advisories/2008_13_sr.html
- http://secunia.com/advisories/30717