CVE-2023-5088

CVSS v3.1

6.4

Medium

Vector

AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions QEMU (affected versions not specified)

Description A bug in QEMU could cause a guest I/O operation to be targeted to offset 0 instead of an arbitrary disk offset, potentially overwriting the VM's boot code. This could allow an attacker to read and/or write data to LBA 0 of a virtual disk, potentially gaining control of the hypervisor at its next reboot. The vulnerability is related to errors in synchronization when handling the DRQ STAT parameter in the ide dma cb() function of the QEMU hardware emulator.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-821CWE-662

Related Identifiers

ALSA-2024:2135

ALT-PU-2024-6235

ALT-PU-2024-7201

AZL-35596

BDU:2023-07853

CESA-2024_2962

CVE-2023-5088

DLA-3759-1

DLA-4144-1

INFSA-2024_2135

INFSA-2024_2962

MGASA-2024-0387

RHSA-2024:2135

RHSA-2024:2962

RHSA-2024_2135

RHSA-2024_2962

RLSA-2024:2135

RLSA-2024:2962

USN-6567-1

USN-6567-2

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Debian

Linuxmint

Qemu

Red Hat

Red Os

Rocky Linux

Ubuntu

CVE-2023-5088

Weakness Enumeration

Related Identifiers

Affected Products

References · 88