vulnerability
Rocky Linux: CVE-2023-5088: virt-rhel-and-virt-devel-rhel (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:L/AC:M/Au:S/C:C/I:C/A:C) | 11/03/2023 | 05/13/2024 | 01/30/2025 |
Severity
7
CVSS
(AV:L/AC:M/Au:S/C:C/I:C/A:C)
Published
11/03/2023
Added
05/13/2024
Modified
01/30/2025
Description
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
Solution(s)
rocky-upgrade-hivexrocky-upgrade-hivex-debuginforocky-upgrade-hivex-debugsourcerocky-upgrade-hivex-develrocky-upgrade-libguestfsrocky-upgrade-libguestfs-appliancerocky-upgrade-libguestfs-debuginforocky-upgrade-libguestfs-debugsourcerocky-upgrade-libguestfs-develrocky-upgrade-libguestfs-gfs2rocky-upgrade-libguestfs-gobjectrocky-upgrade-libguestfs-gobject-debuginforocky-upgrade-libguestfs-gobject-develrocky-upgrade-libguestfs-javarocky-upgrade-libguestfs-java-debuginforocky-upgrade-libguestfs-java-develrocky-upgrade-libguestfs-rescuerocky-upgrade-libguestfs-rsyncrocky-upgrade-libguestfs-tools-crocky-upgrade-libguestfs-tools-c-debuginforocky-upgrade-libguestfs-winsupportrocky-upgrade-libguestfs-xfsrocky-upgrade-libiscsirocky-upgrade-libiscsi-debuginforocky-upgrade-libiscsi-debugsourcerocky-upgrade-libiscsi-develrocky-upgrade-libiscsi-utilsrocky-upgrade-libiscsi-utils-debuginforocky-upgrade-libnbdrocky-upgrade-libnbd-debuginforocky-upgrade-libnbd-debugsourcerocky-upgrade-libnbd-develrocky-upgrade-libtpmsrocky-upgrade-libtpms-debuginforocky-upgrade-libtpms-debugsourcerocky-upgrade-libtpms-develrocky-upgrade-libvirtrocky-upgrade-libvirt-clientrocky-upgrade-libvirt-client-debuginforocky-upgrade-libvirt-daemonrocky-upgrade-libvirt-daemon-config-networkrocky-upgrade-libvirt-daemon-config-nwfilterrocky-upgrade-libvirt-daemon-debuginforocky-upgrade-libvirt-daemon-driver-interfacerocky-upgrade-libvirt-daemon-driver-interface-debuginforocky-upgrade-libvirt-daemon-driver-networkrocky-upgrade-libvirt-daemon-driver-network-debuginforocky-upgrade-libvirt-daemon-driver-nodedevrocky-upgrade-libvirt-daemon-driver-nodedev-debuginforocky-upgrade-libvirt-daemon-driver-nwfilterrocky-upgrade-libvirt-daemon-driver-nwfilter-debuginforocky-upgrade-libvirt-daemon-driver-qemurocky-upgrade-libvirt-daemon-driver-qemu-debuginforocky-upgrade-libvirt-daemon-driver-secretrocky-upgrade-libvirt-daemon-driver-secret-debuginforocky-upgrade-libvirt-daemon-driver-storagerocky-upgrade-libvirt-daemon-driver-storage-corerocky-upgrade-libvirt-daemon-driver-storage-core-debuginforocky-upgrade-libvirt-daemon-driver-storage-diskrocky-upgrade-libvirt-daemon-driver-storage-disk-debuginforocky-upgrade-libvirt-daemon-driver-storage-glusterrocky-upgrade-libvirt-daemon-driver-storage-gluster-debuginforocky-upgrade-libvirt-daemon-driver-storage-iscsirocky-upgrade-libvirt-daemon-driver-storage-iscsi-debuginforocky-upgrade-libvirt-daemon-driver-storage-iscsi-directrocky-upgrade-libvirt-daemon-driver-storage-iscsi-direct-debuginforocky-upgrade-libvirt-daemon-driver-storage-logicalrocky-upgrade-libvirt-daemon-driver-storage-logical-debuginforocky-upgrade-libvirt-daemon-driver-storage-mpathrocky-upgrade-libvirt-daemon-driver-storage-mpath-debuginforocky-upgrade-libvirt-daemon-driver-storage-rbdrocky-upgrade-libvirt-daemon-driver-storage-rbd-debuginforocky-upgrade-libvirt-daemon-driver-storage-scsirocky-upgrade-libvirt-daemon-driver-storage-scsi-debuginforocky-upgrade-libvirt-daemon-kvmrocky-upgrade-libvirt-dbusrocky-upgrade-libvirt-dbus-debuginforocky-upgrade-libvirt-dbus-debugsourcerocky-upgrade-libvirt-debuginforocky-upgrade-libvirt-debugsourcerocky-upgrade-libvirt-develrocky-upgrade-libvirt-docsrocky-upgrade-libvirt-libsrocky-upgrade-libvirt-libs-debuginforocky-upgrade-libvirt-lock-sanlockrocky-upgrade-libvirt-lock-sanlock-debuginforocky-upgrade-libvirt-nssrocky-upgrade-libvirt-nss-debuginforocky-upgrade-libvirt-python-debugsourcerocky-upgrade-libvirt-wiresharkrocky-upgrade-libvirt-wireshark-debuginforocky-upgrade-lua-guestfsrocky-upgrade-lua-guestfs-debuginforocky-upgrade-nbdfuserocky-upgrade-nbdfuse-debuginforocky-upgrade-nbdkitrocky-upgrade-nbdkit-basic-filtersrocky-upgrade-nbdkit-basic-filters-debuginforocky-upgrade-nbdkit-basic-pluginsrocky-upgrade-nbdkit-basic-plugins-debuginforocky-upgrade-nbdkit-curl-pluginrocky-upgrade-nbdkit-curl-plugin-debuginforocky-upgrade-nbdkit-debuginforocky-upgrade-nbdkit-debugsourcerocky-upgrade-nbdkit-develrocky-upgrade-nbdkit-example-pluginsrocky-upgrade-nbdkit-example-plugins-debuginforocky-upgrade-nbdkit-gzip-filterrocky-upgrade-nbdkit-gzip-filter-debuginforocky-upgrade-nbdkit-gzip-pluginrocky-upgrade-nbdkit-gzip-plugin-debuginforocky-upgrade-nbdkit-linuxdisk-pluginrocky-upgrade-nbdkit-linuxdisk-plugin-debuginforocky-upgrade-nbdkit-nbd-pluginrocky-upgrade-nbdkit-nbd-plugin-debuginforocky-upgrade-nbdkit-python-pluginrocky-upgrade-nbdkit-python-plugin-debuginforocky-upgrade-nbdkit-serverrocky-upgrade-nbdkit-server-debuginforocky-upgrade-nbdkit-ssh-pluginrocky-upgrade-nbdkit-ssh-plugin-debuginforocky-upgrade-nbdkit-tar-filterrocky-upgrade-nbdkit-tar-filter-debuginforocky-upgrade-nbdkit-tar-pluginrocky-upgrade-nbdkit-tar-plugin-debuginforocky-upgrade-nbdkit-tmpdisk-pluginrocky-upgrade-nbdkit-tmpdisk-plugin-debuginforocky-upgrade-nbdkit-vddk-pluginrocky-upgrade-nbdkit-vddk-plugin-debuginforocky-upgrade-nbdkit-xz-filterrocky-upgrade-nbdkit-xz-filter-debuginforocky-upgrade-netcfrocky-upgrade-netcf-debuginforocky-upgrade-netcf-debugsourcerocky-upgrade-netcf-develrocky-upgrade-netcf-libsrocky-upgrade-netcf-libs-debuginforocky-upgrade-ocaml-hivexrocky-upgrade-ocaml-hivex-debuginforocky-upgrade-ocaml-hivex-develrocky-upgrade-ocaml-libguestfsrocky-upgrade-ocaml-libguestfs-debuginforocky-upgrade-ocaml-libguestfs-develrocky-upgrade-ocaml-libnbdrocky-upgrade-ocaml-libnbd-debuginforocky-upgrade-ocaml-libnbd-develrocky-upgrade-perl-hivexrocky-upgrade-perl-hivex-debuginforocky-upgrade-perl-sys-guestfsrocky-upgrade-perl-sys-guestfs-debuginforocky-upgrade-perl-sys-virtrocky-upgrade-perl-sys-virt-debuginforocky-upgrade-perl-sys-virt-debugsourcerocky-upgrade-python3-hivexrocky-upgrade-python3-hivex-debuginforocky-upgrade-python3-libguestfsrocky-upgrade-python3-libguestfs-debuginforocky-upgrade-python3-libnbdrocky-upgrade-python3-libnbd-debuginforocky-upgrade-python3-libvirtrocky-upgrade-python3-libvirt-debuginforocky-upgrade-qemu-guest-agentrocky-upgrade-qemu-guest-agent-debuginforocky-upgrade-qemu-imgrocky-upgrade-qemu-img-debuginforocky-upgrade-qemu-kvmrocky-upgrade-qemu-kvm-audio-parocky-upgrade-qemu-kvm-audio-pa-debuginforocky-upgrade-qemu-kvm-block-blkiorocky-upgrade-qemu-kvm-block-blkio-debuginforocky-upgrade-qemu-kvm-block-curlrocky-upgrade-qemu-kvm-block-curl-debuginforocky-upgrade-qemu-kvm-block-glusterrocky-upgrade-qemu-kvm-block-gluster-debuginforocky-upgrade-qemu-kvm-block-iscsirocky-upgrade-qemu-kvm-block-iscsi-debuginforocky-upgrade-qemu-kvm-block-rbdrocky-upgrade-qemu-kvm-block-rbd-debuginforocky-upgrade-qemu-kvm-block-sshrocky-upgrade-qemu-kvm-block-ssh-debuginforocky-upgrade-qemu-kvm-commonrocky-upgrade-qemu-kvm-common-debuginforocky-upgrade-qemu-kvm-corerocky-upgrade-qemu-kvm-core-debuginforocky-upgrade-qemu-kvm-debuginforocky-upgrade-qemu-kvm-debugsourcerocky-upgrade-qemu-kvm-device-display-virtio-gpurocky-upgrade-qemu-kvm-device-display-virtio-gpu-ccwrocky-upgrade-qemu-kvm-device-display-virtio-gpu-ccw-debuginforocky-upgrade-qemu-kvm-device-display-virtio-gpu-debuginforocky-upgrade-qemu-kvm-device-display-virtio-gpu-pcirocky-upgrade-qemu-kvm-device-display-virtio-gpu-pci-debuginforocky-upgrade-qemu-kvm-device-display-virtio-vgarocky-upgrade-qemu-kvm-device-display-virtio-vga-debuginforocky-upgrade-qemu-kvm-device-usb-hostrocky-upgrade-qemu-kvm-device-usb-host-debuginforocky-upgrade-qemu-kvm-device-usb-redirectrocky-upgrade-qemu-kvm-device-usb-redirect-debuginforocky-upgrade-qemu-kvm-docsrocky-upgrade-qemu-kvm-hw-usbredirrocky-upgrade-qemu-kvm-hw-usbredir-debuginforocky-upgrade-qemu-kvm-testsrocky-upgrade-qemu-kvm-toolsrocky-upgrade-qemu-kvm-tools-debuginforocky-upgrade-qemu-kvm-ui-egl-headlessrocky-upgrade-qemu-kvm-ui-egl-headless-debuginforocky-upgrade-qemu-kvm-ui-openglrocky-upgrade-qemu-kvm-ui-opengl-debuginforocky-upgrade-qemu-kvm-ui-spicerocky-upgrade-qemu-kvm-ui-spice-debuginforocky-upgrade-qemu-pr-helperrocky-upgrade-qemu-pr-helper-debuginforocky-upgrade-ruby-hivexrocky-upgrade-ruby-hivex-debuginforocky-upgrade-ruby-libguestfsrocky-upgrade-ruby-libguestfs-debuginforocky-upgrade-seabiosrocky-upgrade-sgabiosrocky-upgrade-superminrocky-upgrade-supermin-debuginforocky-upgrade-supermin-debugsourcerocky-upgrade-supermin-develrocky-upgrade-swtpmrocky-upgrade-swtpm-debuginforocky-upgrade-swtpm-debugsourcerocky-upgrade-swtpm-develrocky-upgrade-swtpm-libsrocky-upgrade-swtpm-libs-debuginforocky-upgrade-swtpm-toolsrocky-upgrade-swtpm-tools-debuginforocky-upgrade-swtpm-tools-pkcs11rocky-upgrade-virt-dibrocky-upgrade-virt-dib-debuginforocky-upgrade-virt-v2vrocky-upgrade-virt-v2v-debuginforocky-upgrade-virt-v2v-debugsource
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.