QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
2008-08-08T19:41:00.000
2025-04-09T00:30:58.490
Deferred
CVSSv2: 2.1 (LOW)
AV:L/AC:L/Au:N/C:P/I:N/A:N
3.9
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | qemu | qemu | 0.9.0 | Yes |
| Operating System | opensuse | opensuse | 10.3 | Yes |
| Operating System | opensuse | opensuse | 11.0 | Yes |
| Operating System | opensuse | opensuse | 11.1 | Yes |
| Operating System | suse | linux_enterprise_server | 10 | Yes |
| Operating System | suse | linux_enterprise_server | 11 | Yes |
| Operating System | debian | debian_linux | 4.0 | Yes |
| Operating System | debian | debian_linux | 5.0 | Yes |
| Operating System | canonical | ubuntu_linux | 8.04 | Yes |
| Operating System | canonical | ubuntu_linux | 8.10 | Yes |
| Operating System | redhat | enterprise_linux_desktop | 5.0 | Yes |
| Operating System | redhat | enterprise_linux_eus | 5.2 | Yes |
| Operating System | redhat | enterprise_linux_server | 5.0 | Yes |
| Operating System | redhat | enterprise_linux_workstation | 5.0 | Yes |