[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-5088":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-04T14:53:31.930Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":50,"aliases":51,"duplicate_of":9,"upstream":52,"downstream":53,"duplicates":70,"related":71,"reserved_at":9,"published_at":73,"modified_at":74,"state":75,"summary":76,"references_raw":84,"kevs":126,"epss":127,"epss_history":130,"metrics":387,"affected":399},"CVE-2023-5088","A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.",null,[11,43],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":9,"capec":18},"CWE-662","Improper Synchronization","The product utilizes multiple threads, processes, components, or systems to allow temporary access to a shared resource that can only be exclusive to one process at a time, but it does not properly synchronize these actions, which might cause simultaneous accesses of this resource by multiple threads or processes.","weakness","Draft","Class",[19,31,35,39],{"id":20,"name":21,"techniques":22},"CAPEC-25","Forced Deadlock",[23],{"id":24,"name":25,"tactics":26,"countermeasures":30},"T1499.004","Application or System Exploitation",[27],{"id":28,"name":29},"TA0105","Impact",[],{"id":32,"name":33,"techniques":34},"CAPEC-26","Leveraging Race Conditions",[],{"id":36,"name":37,"techniques":38},"CAPEC-27","Leveraging Race Conditions via Symbolic Links",[],{"id":40,"name":41,"techniques":42},"CAPEC-29","Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions",[],{"_key":44,"id":44,"name":45,"description":46,"type":15,"status":47,"abstraction":48,"likelihood_of_exploit":9,"capec":49},"CWE-821","Incorrect Synchronization","The product utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.","Incomplete","Base",[],[],[],[],[54,56,58,60,62,64,66,68],{"_key":55},"UBUNTU-CVE-2023-5088",{"_key":57},"DLA-3759-1",{"_key":59},"DLA-4144-1",{"_key":61},"RHSA-2024:2135",{"_key":63},"RHSA-2024:2962",{"_key":65},"MGASA-2024-0387",{"_key":67},"USN-6567-1",{"_key":69},"DEBIAN-CVE-2023-5088",[],[72],{"_key":65},"2023-11-03T13:58:50.085Z","2026-02-25T18:18:36.359Z","Modified",{"cisa_kev":77,"cisa_ransomware":77,"cisa_vendor":9,"epss_severity":78,"epss_score":79,"severity":80,"severity_score":4,"severity_version":81,"severity_source":82,"severity_vector":83,"severity_status":75},false,"low",0.00014,"high","v3.1","nvd","CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",[85,92,96,102,108,113,118,122],{"url":86,"sources":87,"tags":89},"https://access.redhat.com/errata/RHSA-2024:2135",[88,82],"cve.org",[90,91],"Vendor Advisory","X Refsource REDHAT",{"url":93,"sources":94,"tags":95},"https://access.redhat.com/errata/RHSA-2024:2962",[88,82],[90,91],{"url":97,"sources":98,"tags":99},"https://access.redhat.com/security/cve/CVE-2023-5088",[88,82],[100,91,101],"VDB Entry","Third Party Advisory",{"url":103,"sources":104,"tags":105},"https://bugzilla.redhat.com/show_bug.cgi?id=2247283",[88,82],[106,91,107],"Issue Tracking","Patch",{"url":109,"sources":110,"tags":111},"https://lore.kernel.org/all/20230921160712.99521-1-simon.rowe@nutanix.com/T/",[88,82],[112,107],"Mailing List",{"url":114,"sources":115,"tags":116},"https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html",[88,82],[117],"X Transferred",{"url":119,"sources":120,"tags":121},"https://security.netapp.com/advisory/ntap-20231208-0005/",[88,82],[117],{"url":123,"sources":124,"tags":125},"https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html",[88,82],[],[],{"date":128,"score":79,"percentile":129},"2026-06-04",0.02864,[131,135,138,141,144,147,150,153,156,159,162,165,168,171,174,178,181,184,187,190,193,196,199,202,204,207,210,213,216,219,222,225,228,230,233,235,237,240,243,246,249,252,254,257,259,261,263,266,268,271,274,276,279,282,285,288,291,294,297,300,303,305,308,311,314,317,320,323,326,329,332,335,338,341,344,347,350,352,354,357,360,362,364,367,370,373,375,378,381,384],{"date":132,"score":133,"percentile":134},"2025-11-04",0.00013,0.01452,{"date":136,"score":133,"percentile":137},"2025-11-05",0.01476,{"date":139,"score":133,"percentile":140},"2025-11-06",0.01494,{"date":142,"score":133,"percentile":143},"2025-11-07",0.01499,{"date":145,"score":133,"percentile":146},"2025-11-08",0.01504,{"date":148,"score":133,"percentile":149},"2025-11-09",0.01503,{"date":151,"score":133,"percentile":152},"2025-11-10",0.01483,{"date":154,"score":133,"percentile":155},"2025-11-11",0.01495,{"date":157,"score":133,"percentile":158},"2025-11-12",0.01505,{"date":160,"score":133,"percentile":161},"2025-11-13",0.01518,{"date":163,"score":133,"percentile":164},"2025-11-14",0.0152,{"date":166,"score":133,"percentile":167},"2025-11-15",0.01542,{"date":169,"score":133,"percentile":170},"2025-11-16",0.01544,{"date":172,"score":133,"percentile":173},"2025-11-17",0.01531,{"date":175,"score":176,"percentile":177},"2025-11-18",0.00043,0.08362,{"date":179,"score":176,"percentile":180},"2025-11-19",0.08371,{"date":182,"score":176,"percentile":183},"2025-11-20",0.08403,{"date":185,"score":133,"percentile":186},"2025-11-21",0.01699,{"date":188,"score":133,"percentile":189},"2025-11-22",0.01698,{"date":191,"score":133,"percentile":192},"2025-11-23",0.01688,{"date":194,"score":133,"percentile":195},"2025-11-24",0.01578,{"date":197,"score":133,"percentile":198},"2025-11-25",0.01564,{"date":200,"score":133,"percentile":201},"2025-11-26",0.01511,{"date":203,"score":133,"percentile":201},"2025-11-27",{"date":205,"score":133,"percentile":206},"2025-11-28",0.01508,{"date":208,"score":133,"percentile":209},"2025-11-29",0.01548,{"date":211,"score":133,"percentile":212},"2025-11-30",0.01558,{"date":214,"score":133,"percentile":215},"2025-12-01",0.01585,{"date":217,"score":133,"percentile":218},"2025-12-02",0.0158,{"date":220,"score":133,"percentile":221},"2025-12-03",0.01582,{"date":223,"score":133,"percentile":224},"2025-12-04",0.01555,{"date":226,"score":133,"percentile":227},"2025-12-05",0.01566,{"date":229,"score":133,"percentile":227},"2025-12-06",{"date":231,"score":133,"percentile":232},"2025-12-07",0.01562,{"date":234,"score":133,"percentile":232},"2025-12-08",{"date":236,"score":133,"percentile":195},"2025-12-09",{"date":238,"score":133,"percentile":239},"2025-12-10",0.01591,{"date":241,"score":133,"percentile":242},"2025-12-11",0.01587,{"date":244,"score":133,"percentile":245},"2025-12-12",0.01594,{"date":247,"score":133,"percentile":248},"2025-12-13",0.01577,{"date":250,"score":133,"percentile":251},"2025-12-14",0.01572,{"date":253,"score":133,"percentile":227},"2025-12-15",{"date":255,"score":133,"percentile":256},"2025-12-16",0.01575,{"date":258,"score":133,"percentile":215},"2025-12-17",{"date":260,"score":133,"percentile":248},"2025-12-18",{"date":262,"score":133,"percentile":221},"2025-12-19",{"date":264,"score":133,"percentile":265},"2025-12-20",0.01583,{"date":267,"score":133,"percentile":239},"2025-12-21",{"date":269,"score":133,"percentile":270},"2025-12-22",0.01595,{"date":272,"score":133,"percentile":273},"2025-12-23",0.01593,{"date":275,"score":133,"percentile":245},"2025-12-24",{"date":277,"score":133,"percentile":278},"2025-12-25",0.01599,{"date":280,"score":133,"percentile":281},"2025-12-26",0.016,{"date":283,"score":133,"percentile":284},"2025-12-27",0.0159,{"date":286,"score":79,"percentile":287},"2025-12-28",0.02004,{"date":289,"score":79,"percentile":290},"2025-12-29",0.01995,{"date":292,"score":79,"percentile":293},"2025-12-30",0.0199,{"date":295,"score":79,"percentile":296},"2025-12-31",0.01987,{"date":298,"score":79,"percentile":299},"2026-01-01",0.02012,{"date":301,"score":79,"percentile":302},"2026-01-02",0.02006,{"date":304,"score":79,"percentile":299},"2026-01-03",{"date":306,"score":79,"percentile":307},"2026-01-04",0.01974,{"date":309,"score":79,"percentile":310},"2026-01-05",0.0198,{"date":312,"score":79,"percentile":313},"2026-01-06",0.01976,{"date":315,"score":79,"percentile":316},"2026-01-07",0.01994,{"date":318,"score":79,"percentile":319},"2026-01-08",0.02013,{"date":321,"score":79,"percentile":322},"2026-01-09",0.02028,{"date":324,"score":79,"percentile":325},"2026-01-10",0.02043,{"date":327,"score":79,"percentile":328},"2026-01-11",0.02031,{"date":330,"score":79,"percentile":331},"2026-01-12",0.0203,{"date":333,"score":79,"percentile":334},"2026-01-13",0.02021,{"date":336,"score":79,"percentile":337},"2026-01-14",0.02029,{"date":339,"score":79,"percentile":340},"2026-01-15",0.02022,{"date":342,"score":79,"percentile":343},"2026-01-16",0.02024,{"date":345,"score":79,"percentile":346},"2026-01-17",0.02026,{"date":348,"score":79,"percentile":349},"2026-01-18",0.02036,{"date":351,"score":79,"percentile":346},"2026-01-19",{"date":353,"score":79,"percentile":299},"2026-01-20",{"date":355,"score":79,"percentile":356},"2026-01-21",0.02009,{"date":358,"score":79,"percentile":359},"2026-01-22",0.02003,{"date":361,"score":79,"percentile":299},"2026-01-23",{"date":363,"score":79,"percentile":346},"2026-01-24",{"date":365,"score":79,"percentile":366},"2026-01-25",0.02019,{"date":368,"score":79,"percentile":369},"2026-01-26",0.02018,{"date":371,"score":79,"percentile":372},"2026-01-27",0.02016,{"date":374,"score":79,"percentile":369},"2026-01-28",{"date":376,"score":79,"percentile":377},"2026-01-29",0.02035,{"date":379,"score":79,"percentile":380},"2026-01-30",0.02037,{"date":382,"score":79,"percentile":383},"2026-01-31",0.02058,{"date":385,"score":79,"percentile":386},"2026-02-01",0.02087,[388,395],{"source":88,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":389,"cvss_v4_0":9},{"baseScore":390,"baseSeverity":391,"vectorString":392,"impactScore":393,"exploitabilityScore":394},6.4,"MEDIUM","CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H",9.8,1.3,{"source":82,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":396,"cvss_v4_0":9},{"baseScore":4,"baseSeverity":397,"vectorString":83,"impactScore":393,"exploitabilityScore":398},"HIGH",2.6,[400,410],{"ecosystem":9,"name":401,"vendor":401,"product":401,"cpe_part":402,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":403},"qemu","a",[404],{"version":405,"is_range":406,"range_type":407,"version_start":9,"version_start_type":9,"version_end":408,"version_end_type":409,"fixed_in":9},"lt8.2.0",true,"cpe","8.2.0","excluding",{"ecosystem":9,"name":411,"vendor":412,"product":413,"cpe_part":414,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":415},"enterprise linux","redhat","enterprise_linux","o",[416,418],{"version":417,"is_range":77,"range_type":407,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"version":419,"is_range":77,"range_type":407,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0"]