VDB
DEBIAN-CVE-2023-5088
DEBIAN-CVE-2023-5088
PUBLISHED
CVSS 7 HIGH
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
Risk Scores
CVSS 3.1
7
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:14 | qemu | 0, 0, 0 |
| Debian:12 | qemu | 1:7.2+dfsg-7, 0, 1:7.2+dfsg-7+deb12u1 |
| Debian:13 | qemu | 0, 0, 0 |
| Debian:11 | qemu | 1:5.2+dfsg-11+deb11u2, 1:5.2+dfsg-11+deb11u3, 0 |
Timeline
- Nov 3, 2023 CVE Published
- Apr 28, 2026 CVE Updated