PT-2008-3471 · Qemu+1

Avi Kivity · Published 2008-08-08 · Updated 2024-06-15 · CVE-2008-1945

CVSS v2.0: 2.1 (Low)

Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Name of the Vulnerable Software and Affected Versions: QEMU version 0.9.0

Description: The issue arises from improper handling of changes to removable media, allowing guest OS users to read arbitrary files on the host OS. This is achieved by modifying the disk-image header using the diskformat: parameter in the -usbdevice option to identify a different format.

Recommendations: For QEMU version 0.9.0, consider restricting access to the -usbdevice option or avoiding the use of the diskformat: parameter until a fix is available. As a temporary workaround, restrict the ability of guest OS users to modify removable media settings to minimize the risk of exploitation.

Related identifiers

CVE-2008-1945
DSA-1799-1
OPENSUSE-SU-2024:10233-1
OPENSUSE-SU-2024:10285-1
RHSA-2008:0892
RHSA-2008_0892

Affected products

Qemu
Red Hat