Описание
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | released | 1:8.1.3+ds-1ubuntu1 |
| esm-infra-legacy/trusty | released | 2.0.0+dfsg-2ubuntu1.47+esm6 |
| esm-infra-legacy/xenial | released | 1:2.5+dfsg-5ubuntu10.51+esm4 |
| esm-infra/bionic | released | 1:2.11+dfsg-1ubuntu7.42+esm5 |
| esm-infra/focal | released | 1:4.2-3ubuntu6.28 |
| esm-infra/xenial | ignored | end of ESM support, was needs-triage |
| focal | released | 1:4.2-3ubuntu6.28 |
| jammy | released | 1:6.2+dfsg-2ubuntu6.16 |
| lunar | released | 1:7.2+dfsg-5ubuntu2.4 |
Показывать по
EPSS
6.4 Medium
CVSS3
Связанные уязвимости
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
Qemu: improper ide controller reset can lead to mbr overwrite
A bug in QEMU could cause a guest I/O operation otherwise addressed to ...
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
EPSS
6.4 Medium
CVSS3