QEMU L2 Guest Disk Offset Overwrite Vulnerability (CVE-2023-5088)
CVE-2023-5088 Published on November 3, 2023
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
Vulnerability Analysis
CVE-2023-5088 is exploitable with local system access, and requires user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.
Weakness Type
Incorrect Synchronization
The software utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource. If access to a shared resource is not correctly synchronized, then the resource may not be in a state that is expected by the software. This might lead to unexpected or insecure behaviors, especially if an attacker can influence the shared resource.
Products Associated with CVE-2023-5088
You can be notified by email with stack.watch whenever vulnerabilities like CVE-2023-5088 are published in these products:
Affected Versions
Red Hat Enterprise Linux 8:- Version 8100020240314161907.e155f54d and below * is unaffected.
- Version 8100020240314161907.e155f54d and below * is unaffected.
- Version 17:8.2.0-11.el9_4 and below * is unaffected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.