CVE-2008-0928

Qemu 0.9.1 and earlier does not perform range checks for block device read or write requests, which allows guest host users with root privileges to access arbitrary memory and escape the virtual machine.

Published: Mar 3, 2008
Updated: Nov 9, 2025
CVE: CVE-2008-0928
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.7
AV:L/AC:M/Au:N/C:C/I:N/A:N

CWEs:

CWE-264

Affected Software
References

Software	From	Fixed in
qemu / qemu	0.1.6	0.1.6.x
qemu / qemu	0.5.3	0.5.3.x
qemu / qemu	0.4.2	0.4.2.x
qemu / qemu	0.1.5	0.1.5.x
qemu / qemu	0.5.1	0.5.1.x
qemu / qemu	0.8.2	0.8.2.x
qemu / qemu	0.5.5	0.5.5.x
qemu / qemu	0.9.0	0.9.0.x
qemu / qemu	0.7.2	0.7.2.x
qemu / qemu	0.1.3	0.1.3.x
qemu / qemu	0.7.1	0.7.1.x
qemu / qemu	0.5.0	0.5.0.x
qemu / qemu	0.8.1	0.8.1.x
qemu / qemu	0.4.1	0.4.1.x
qemu / qemu	0.5.2	0.5.2.x
qemu / qemu	0.1.1	0.1.1.x
qemu / qemu	0.7.0	0.7.0.x
qemu / qemu	0.1.4	0.1.4.x
qemu / qemu	0.9.1	0.9.1.x
qemu / qemu	0.6.0	0.6.0.x
qemu / qemu	0.6.1	0.6.1.x
qemu / qemu	0.4.3	0.4.3.x
qemu / qemu	0.1.2	0.1.2.x
qemu / qemu	0.5.4	0.5.4.x
qemu / qemu	0.8.0	0.8.0.x
qemu / qemu	0.1.0	0.1.0.x
qemu / qemu	0.2.0	0.2.0.x
qemu / qemu	0.3.0	0.3.0.x
qemu / qemu	0.4.0	0.4.0.x

Vulnerability Database

313,358

CVE-2008-0928

Deep Security Visibility Without the Complexity