CVE-2008-2004 Common Vulnerabilities and Exposures

Upstream information

CVE-2008-2004 at MITRE

Description

The drive_init function in QEMU 0.9.1 determines the format of a raw disk image based on the header, which allows local guest users to read arbitrary files on the host by modifying the header to identify a different format, which is used when the guest is restarted.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having moderate severity.

CVSS v2 Scores
CVSS detail	National Vulnerability Database
Base Score	4.9
Vector	AV:L/AC:L/Au:N/C:C/I:N/A:N
Access Vector	Local
Access Complexity	Low
Authentication	None
Confidentiality Impact	Complete
Integrity Impact	None
Availability Impact	None

SUSE Bugzilla entry: 380828 [RESOLVED / FIXED]

SUSE Security Advisories:

SUSE-SR:2008:013, published Fri, 13 Jun 2008 17:00:00 +0000

SUSE Timeline for this CVE

CVE page created: Fri Jun 28 03:59:06 2013
CVE page last modified: Mon Oct 6 18:15:18 2025