First published: Tue Oct 31 2023(Updated: )
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
Credit: secalert@redhat.com secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/qemu-kvm | <8.2.0 | 8.2.0 |
QEMU qemu | <8.2.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =8.0 | |
Redhat Enterprise Linux | =9.0 | |
ubuntu/qemu | <1:4.2-3ubuntu6.28 | 1:4.2-3ubuntu6.28 |
ubuntu/qemu | <1:6.2+dfsg-2ubuntu6.16 | 1:6.2+dfsg-2ubuntu6.16 |
ubuntu/qemu | <1:7.2+dfsg-5ubuntu2.4 | 1:7.2+dfsg-5ubuntu2.4 |
ubuntu/qemu | <1:8.0.4+dfsg-1ubuntu3.23.10.2 | 1:8.0.4+dfsg-1ubuntu3.23.10.2 |
ubuntu/qemu | <1:8.1.3+ | 1:8.1.3+ |
debian/qemu | <=1:3.1+dfsg-8+deb10u8<=1:5.2+dfsg-11+deb11u3<=1:5.2+dfsg-11+deb11u2<=1:7.2+dfsg-7+deb12u5 | 1:3.1+dfsg-8+deb10u12 1:8.2.1+ds-2 1:8.2.3+ds-2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2023-5088 is a vulnerability in QEMU that can result in the overwrite of a VM's boot code due to an improper IDE controller reset.
CVE-2023-5088 has a severity level of medium.
CVE-2023-5088 affects QEMU by causing a guest I/O operation to be targeted to offset 0 instead of the intended disk offset, potentially overwriting the VM's boot code.
Yes, a fix is available for CVE-2023-5088. Please refer to the vendor's security advisory for more information.
The Common Weakness Enumeration (CWE) ID for CVE-2023-5088 is CWE-821.