Vulnerability DatabaseCVE-2023-5088
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2023-5088
November 03, 2023
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
Related ResourcesĀ (9)
https://lore.kernel.org/all/20230921160712.99521-1-simon.rowe@nutanix.com/T/
https://access.redhat.com/errata/RHSA-2024:2962
https://lists.debian.org/debian-lts-announce/2025/04/msg00042.html
https://bugzilla.redhat.com/show_bug.cgi?id=2247283
https://access.redhat.com/security/cve/CVE-2023-5088
https://security-tracker.debian.org/tracker/CVE-2023-5088
https://security.netapp.com/advisory/ntap-20231208-0005/
https://access.redhat.com/errata/RHSA-2024:2135
https://lists.debian.org/debian-lts-announce/2024/03/msg00012.html
Do you need more information?
Contact Us
CVSS v4
Base Score:
7.1
Attack Vector
LOCAL
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
HIGH
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
6.4
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
Weakness Type (CWE)
Improper Synchronization
CWE-662
Incorrect Synchronization
CWE-821
EPSS
Base Score:
0.01