Ubuntu: (Multiple Advisories) (CVE-2023-5088): QEMU vulnerabilities

Ubuntu: (Multiple Advisories) (CVE-2023-5088): QEMU vulnerabilities

Severity

7

CVSS

(AV:L/AC:M/Au:S/C:C/I:C/A:C)

Published

11/03/2023

Created

01/10/2024

Added

01/09/2024

Modified

01/30/2025

Description

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.

Solution(s)

• ubuntu-upgrade-qemu
• ubuntu-upgrade-qemu-system
• ubuntu-upgrade-qemu-system-arm
• ubuntu-upgrade-qemu-system-mips
• ubuntu-upgrade-qemu-system-misc
• ubuntu-upgrade-qemu-system-ppc
• ubuntu-upgrade-qemu-system-s390x
• ubuntu-upgrade-qemu-system-sparc
• ubuntu-upgrade-qemu-system-x86
• ubuntu-upgrade-qemu-system-x86-microvm
• ubuntu-upgrade-qemu-system-x86-xen
• ubuntu-upgrade-qemu-system-xen

References

• https://attackerkb.com/topics/cve-2023-5088
• CVE - 2023-5088
• USN-6567-1
• USN-6567-2