Unrated severity · NVD Advisory · Published Nov 3, 2023 · Updated Feb 25, 2026
QEMU: improper IDE controller reset can lead to MBR overwrite
CVE-2023-5088
Description
A bug in QEMU could cause a guest I/O operation otherwise addressed to an arbitrary disk offset to be targeted to offset 0 instead (potentially overwriting the VM's boot code). This could be used, for example, by L2 guests with a virtual disk (vdiskL2) stored on a virtual disk of an L1 (vdiskL1) hypervisor to read and/or write data to LBA 0 of vdiskL1, potentially gaining control of L1 at its next reboot.
Affected products
- Red Hat/Red Hat Enterprise Linux 8 Advanced Virtualization
- cpe:/a:redhat:advanced_virtualization:8::el8
- cpe:/a:redhat:enterprise_linux:8::appstream, range: 8100020240314161907.e155f54d
- cpe:/a:redhat:enterprise_linux:9::appstream, range: 17:8.2.0-11.el9_4
- cpe:/o:redhat:enterprise_linux:6
- cpe:/o:redhat:enterprise_linux:7
- osv-coords, 20 versions (no CPE), each with range: < 17:8.2.0-11.el9_4
  - pkg:rpm/almalinux/qemu-guest-agent
  - pkg:rpm/almalinux/qemu-img
  - pkg:rpm/almalinux/qemu-kvm
  - pkg:rpm/almalinux/qemu-kvm-audio-pa
  - pkg:rpm/almalinux/qemu-kvm-block-blkio
  - pkg:rpm/almalinux/qemu-kvm-block-curl
  - pkg:rpm/almalinux/qemu-kvm-block-rbd
  - pkg:rpm/almalinux/qemu-kvm-common
  - pkg:rpm/almalinux/qemu-kvm-core
  - pkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu
  - pkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu-ccw
  - pkg:rpm/almalinux/qemu-kvm-device-display-virtio-gpu-pci
  - pkg:rpm/almalinux/qemu-kvm-device-display-virtio-vga
  - pkg:rpm/almalinux/qemu-kvm-device-usb-host
  - pkg:rpm/almalinux/qemu-kvm-device-usb-redirect
  - pkg:rpm/almalinux/qemu-kvm-docs
  - pkg:rpm/almalinux/qemu-kvm-tools
  - pkg:rpm/almalinux/qemu-kvm-ui-egl-headless
  - pkg:rpm/almalinux/qemu-kvm-ui-opengl
  - pkg:rpm/almalinux/qemu-pr-helper
Patches
No patches discovered yet.
References
- access.redhat.com/errata/RHSA-2024:2135 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/errata/RHSA-2024:2962 (mitre, vendor-advisory, x_refsource_REDHAT)
- access.redhat.com/security/cve/CVE-2023-5088 (mitre, vdb-entry, x_refsource_REDHAT)
- bugzilla.redhat.com/show_bug.cgi (mitre, issue-tracking, x_refsource_REDHAT)
- lore.kernel.org/all/20230921160712.99521-1-simon.rowe@nutanix.com/T/ (mitre)