CVE-2023-5088
published 2023-11-03CVE-2023-5088: A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the…
high7CVSS 3.1
AVLACHPRLUINSUCHIHAH
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | qemu | < qemu 1:7.2+dfsg-7+deb12u3 (bookworm) | qemu 1:7.2+dfsg-7+deb12u3 (bookworm) |
| msrc | cbl2_qemu_6.2.0-21_on_cbl_mariner_2.0 | — | — |
| msrc | cbl2_qemu_6.2.0-24_on_cbl_mariner_2.0 | — | — |
| qemu | qemu | < 8.2.0 | 8.2.0 |
| qemu | qemu | >= 0 < 1:5.2+dfsg-11+deb11u4 | 1:5.2+dfsg-11+deb11u4 |
| qemu | qemu | >= 0 < 1:7.2+dfsg-7+deb12u3 | 1:7.2+dfsg-7+deb12u3 |
| qemu | qemu | >= 0 < 1:8.1.1+ds-2 | 1:8.1.1+ds-2 |
| qemu | qemu | >= 0 < 1:8.1.1+ds-2 | 1:8.1.1+ds-2 |
| qemu | qemu | >= 0 < 1:4.2-3ubuntu6.28 | 1:4.2-3ubuntu6.28 |
| qemu | qemu | >= 0 < 1:4.2-3ubuntu6.29 | 1:4.2-3ubuntu6.29 |
| qemu | qemu | >= 0 < 1:6.2+dfsg-2ubuntu6.16 | 1:6.2+dfsg-2ubuntu6.16 |
| qemu | qemu | >= 0 < 1:6.2+dfsg-2ubuntu6.21 | 1:6.2+dfsg-2ubuntu6.21 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvdv3.17.0HIGHCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.0HIGH