CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:M/Au:N/C:C/I:N/A:N
EPSS
Percentile
28.7%
Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | qemu | < 0.9.1+svn20081207-1 | qemu_0.9.1+svn20081207-1_all.deb |
Debian | 11 | all | qemu | < 0.9.1+svn20081207-1 | qemu_0.9.1+svn20081207-1_all.deb |
Debian | 999 | all | qemu | < 0.9.1+svn20081207-1 | qemu_0.9.1+svn20081207-1_all.deb |
Debian | 13 | all | qemu | < 0.9.1+svn20081207-1 | qemu_0.9.1+svn20081207-1_all.deb |