VDB
CVE-2008-2004
CVE-2008-2004
PUBLISHED
CVSS 4.900000095367432 MEDIUM
The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.
EPSS 0.09% · 26.0th percentile
Risk Scores
CVSS 2.0
4.900000095367432
EPSS Score
0.09%
26.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| qemu | qemu | 0.9.1 |
| n/a | n/a | n/a |
Exploit Intelligence
- USN-776-1 (circl)
- SUSE-SR:2008:013 (circl)
- RHSA-2008:0194 (circl)
- 29101 (circl)
- MDVSA-2008:162 (circl)
- oval:org.mitre.oval:def:11021 (circl)
- 29963 (circl)
- 30717 (circl)
- 35062 (circl)
- 29129 (circl)
…and 4 more exploits
Timeline
- May 12, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- 35062 third-party-advisory
- RHSA-2008:0194 vendor-advisory
- 29101 vdb
- [Qemu-devel] 20080428 [4277] add format= to drive options (CVE-2008-2004) mailing-list
- MDVSA-2008:162 vendor-advisory
- oval:org.mitre.oval:def:11021 vdb
- USN-776-1 vendor-advisory
- http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4277 url
- 29963 third-party-advisory
- 29129 third-party-advisory
- 30111 third-party-advisory
- qemu-driveinit-security-bypass(42268) vdb
- SUSE-SR:2008:013 vendor-advisory
- 30717 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2008-2004 advisory