DEBIAN-CVE-2008-2004

Advisory lineage Upstream: 1 Downstream: 1

Upstream

CVE-2008-2004

Downstream

DTSA-133-1

Published: 12 May 2008, 22:20

Last modified:28 Apr 2026, 20:10

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

12 May 2008, 22:20

Published

Vulnerability first disclosed

28 Apr 2026, 20:10

Last Modified

Vulnerability information updated

Description

The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.

Affected Systems

debian•qemu
< 0.9.1-5 | < 0.9.1-5 | < 0.9.1-5 | < 0.9.1-5

References (1)

https://security-tracker.debian.org/tracker/CVE-2008-2004