CVE-2023-5088

Qemu: improper ide controller reset can lead to mbr overwrite

Published: 11/3/2023 Last updated: 11/6/2025 Reserved: 9/20/2023

A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.

CNA assigner: redhat (53f830b8-0a3f-465b-8143-3b8a9948e749) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	6.4	Medium	CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (2)

conf-qemu-img nbd-tool

Products affected (11)

Product	Vendor	Version
Red Hat Enterprise Linux 6	Red Hat	< 45.6
Red Hat Enterprise Linux 6	Red Hat	12.4(24)MDB19
Red Hat Enterprise Linux 9	Red Hat	<= 1.2.16
Red Hat Enterprise Linux 9	Red Hat	12.4(24)MDB11
Red Hat Enterprise Linux 7	Red Hat	before version 1.1 for Windows
Red Hat Enterprise Linux 7	Red Hat	15.0(2)EX
Red Hat Enterprise Linux 7	Red Hat	< 10.0.22631.4169
Red Hat Enterprise Linux 8 Advanced Virtualization	Red Hat	15.0(2)EX10
Red Hat Enterprise Linux 8 Advanced Virtualization	Red Hat	< 45.6
Red Hat Enterprise Linux 8	Red Hat	< 10.0.22631.4169
Red Hat Enterprise Linux 8	Red Hat	12.2.3-12.2.9

CVE-2023-5088

Qemu: improper ide controller reset can lead to mbr overwrite

Metrics

Opam packages affected (2)

Products affected (11)

References (26)