CVE-2008-1945
EPSS 0.09%
Description
QEMU 0.9.0 does not properly handle changes to removable media, which allows guest OS users to read arbitrary files on the host OS by using the diskformat: parameter in the -usbdevice option to modify the disk-image header to identify a different format, a related issue to CVE-2008-2004.
How to fix CVE-2008-1945
To remediate CVE-2008-1945, upgrade the affected package to a fixed version below.
- Debian/qemu—upgrade to 0.9.1-5 or later
Is CVE-2008-1945 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 0.9.1-5