CVE-2008-4539
Summary
| CVE | CVE-2008-4539 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2008-12-29 15:24:00 UTC |
| Updated | 2023-11-07 02:02:00 UTC |
| Description | Heap-based buffer overflow in the Cirrus VGA implementation in (1) KVM before kvm-82 and (2) QEMU on Debian GNU/Linux and Ubuntu might allow local users to gain privileges by using the VNC console for a connection, aka the LGD-54XX "bitblt" heap overflow. NOTE: this issue exists because of an incorrect fix for CVE-2007-1320. |
Risk And Classification
Problem Types: CWE-119
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Canonical | Ubuntu Linux | - | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 8.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 8.10 | All | All | All |
| Operating System | Debian | Debian Linux | - | All | All | All |
| Operating System | Debian | Debian Linux | 4.0 | All | All | All |
| Operating System | Debian | Debian Linux | 5.0 | All | All | All |
| Operating System | Debian | Linux | All | All | All | All |
| Application | Kvm Qumranet | Kvm | 1 | All | All | All |
| Application | Kvm Qumranet | Kvm | 10 | All | All | All |
| Application | Kvm Qumranet | Kvm | 11 | All | All | All |
| Application | Kvm Qumranet | Kvm | 12 | All | All | All |
| Application | Kvm Qumranet | Kvm | 13 | All | All | All |
| Application | Kvm Qumranet | Kvm | 14 | All | All | All |
| Application | Kvm Qumranet | Kvm | 15 | All | All | All |
| Application | Kvm Qumranet | Kvm | 16 | All | All | All |
| Application | Kvm Qumranet | Kvm | 17 | All | All | All |
| Application | Kvm Qumranet | Kvm | 18 | All | All | All |
| Application | Kvm Qumranet | Kvm | 19 | All | All | All |
| Application | Kvm Qumranet | Kvm | 2 | All | All | All |
| Application | Kvm Qumranet | Kvm | 20 | All | All | All |
| Application | Kvm Qumranet | Kvm | 21 | All | All | All |
| Application | Kvm Qumranet | Kvm | 22 | All | All | All |
| Application | Kvm Qumranet | Kvm | 23 | All | All | All |
| Application | Kvm Qumranet | Kvm | 24 | All | All | All |
| Application | Kvm Qumranet | Kvm | 25 | All | All | All |
| Application | Kvm Qumranet | Kvm | 26 | All | All | All |
| Application | Kvm Qumranet | Kvm | 27 | All | All | All |
| Application | Kvm Qumranet | Kvm | 28 | All | All | All |
| Application | Kvm Qumranet | Kvm | 29 | All | All | All |
| Application | Kvm Qumranet | Kvm | 3 | All | All | All |
| Application | Kvm Qumranet | Kvm | 30 | All | All | All |
| Application | Kvm Qumranet | Kvm | 31 | All | All | All |
| Application | Kvm Qumranet | Kvm | 32 | All | All | All |
| Application | Kvm Qumranet | Kvm | 33 | All | All | All |
| Application | Kvm Qumranet | Kvm | 34 | All | All | All |
| Application | Kvm Qumranet | Kvm | 35 | All | All | All |
| Application | Kvm Qumranet | Kvm | 36 | All | All | All |
| Application | Kvm Qumranet | Kvm | 37 | All | All | All |
| Application | Kvm Qumranet | Kvm | 38 | All | All | All |
| Application | Kvm Qumranet | Kvm | 39 | All | All | All |
| Application | Kvm Qumranet | Kvm | 4 | All | All | All |
| Application | Kvm Qumranet | Kvm | 40 | All | All | All |
| Application | Kvm Qumranet | Kvm | 41 | All | All | All |
| Application | Kvm Qumranet | Kvm | 42 | All | All | All |
| Application | Kvm Qumranet | Kvm | 43 | All | All | All |
| Application | Kvm Qumranet | Kvm | 44 | All | All | All |
| Application | Kvm Qumranet | Kvm | 45 | All | All | All |
| Application | Kvm Qumranet | Kvm | 46 | All | All | All |
| Application | Kvm Qumranet | Kvm | 47 | All | All | All |
| Application | Kvm Qumranet | Kvm | 48 | All | All | All |
| Application | Kvm Qumranet | Kvm | 49 | All | All | All |
| Application | Kvm Qumranet | Kvm | 5 | All | All | All |
| Application | Kvm Qumranet | Kvm | 50 | All | All | All |
| Application | Kvm Qumranet | Kvm | 51 | All | All | All |
| Application | Kvm Qumranet | Kvm | 52 | All | All | All |
| Application | Kvm Qumranet | Kvm | 53 | All | All | All |
| Application | Kvm Qumranet | Kvm | 54 | All | All | All |
| Application | Kvm Qumranet | Kvm | 55 | All | All | All |
| Application | Kvm Qumranet | Kvm | 56 | All | All | All |
| Application | Kvm Qumranet | Kvm | 57 | All | All | All |
| Application | Kvm Qumranet | Kvm | 58 | All | All | All |
| Application | Kvm Qumranet | Kvm | 59 | All | All | All |
| Application | Kvm Qumranet | Kvm | 6 | All | All | All |
| Application | Kvm Qumranet | Kvm | 60 | All | All | All |
| Application | Kvm Qumranet | Kvm | 61 | All | All | All |
| Application | Kvm Qumranet | Kvm | 62 | All | All | All |
| Application | Kvm Qumranet | Kvm | 63 | All | All | All |
| Application | Kvm Qumranet | Kvm | 64 | All | All | All |
| Application | Kvm Qumranet | Kvm | 65 | All | All | All |
| Application | Kvm Qumranet | Kvm | 66 | All | All | All |
| Application | Kvm Qumranet | Kvm | 67 | All | All | All |
| Application | Kvm Qumranet | Kvm | 68 | All | All | All |
| Application | Kvm Qumranet | Kvm | 69 | All | All | All |
| Application | Kvm Qumranet | Kvm | 7 | All | All | All |
| Application | Kvm Qumranet | Kvm | 70 | All | All | All |
| Application | Kvm Qumranet | Kvm | 71 | All | All | All |
| Application | Kvm Qumranet | Kvm | 72 | All | All | All |
| Application | Kvm Qumranet | Kvm | 73 | All | All | All |
| Application | Kvm Qumranet | Kvm | 74 | All | All | All |
| Application | Kvm Qumranet | Kvm | 75 | All | All | All |
| Application | Kvm Qumranet | Kvm | 76 | All | All | All |
| Application | Kvm Qumranet | Kvm | 77 | All | All | All |
| Application | Kvm Qumranet | Kvm | 78 | All | All | All |
| Application | Kvm Qumranet | Kvm | 79 | All | All | All |
| Application | Kvm Qumranet | Kvm | 80 | All | All | All |
| Application | Kvm Qumranet | Kvm | All | All | All | All |
| Application | Qemu | Qemu | All | All | All | All |
| Operating System | Ubuntu | Ubuntu Linux | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| cvs commit: ports/emulators/qemu Makefile ports/emulators/qemu/files pat | | www.mail-archive.com | |
| Bug 237342 – CVE-2007-1320 xen/qemu Cirrus LGD-54XX "bitblt" Heap Overflow | CONFIRM | bugzilla.redhat.com | |
| [Secure-testing-commits] r10251 - data/CVE | | www.mail-archive.com | |
| “qemu” source package : Jaunty (9.04) : Ubuntu | CONFIRM | launchpad.net | |
| Bug 466890 – CVE-2008-4539 kvm/qemu/xen: Incomplete upstream fix for CVE-2007-1320 | CONFIRM | bugzilla.redhat.com | |
| Ubuntu update for kvm - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| SUSE Update for Multiple Packages - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | |
| KVM Multiple Vulnerabilities - Secunia Advisories - Vulnerability Information - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| cvs commit: ports/emulators/qemu Makefile ports/emulators/qemu/files pat | MLIST | www.mail-archive.com | |
| QEMU Various Vulnerabilities - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| git.kernel.dk Git - qemu.git/commitdiff | | git.kernel.dk | |
| git.kernel.dk Git - qemu.git/commitdiff | CONFIRM | git.kernel.dk | Exploit |
| Fedora update for kvm - Secunia Advisories - Vulnerability Intelligence - Secunia.com | SECUNIA | secunia.com | Vendor Advisory |
| [qemu] Revision 5587 | CONFIRM | svn.savannah.gnu.org | |
| [Secure-testing-commits] r10251 - data/CVE | MLIST | www.mail-archive.com | |
| IBM X-Force Exchange | XF | exchange.xforce.ibmcloud.com | |
| Bug 448525 – CVE-2007-1320 xen/qemu Cirrus LGD-54XX "bitblt" Heap Overflow [Fedora 9] | CONFIRM | bugzilla.redhat.com | |
| [SECURITY] Fedora 9 Update: kvm-65-15.fc9 | FEDORA | www.redhat.com | |
| USN-776-1: KVM vulnerabilities | Ubuntu | UBUNTU | www.ubuntu.com | |
| Debian update for qemu - Secunia.com | SECUNIA | secunia.com | |
| Debian -- Security Information -- DSA-1799-1 qemu | DEBIAN | www.debian.org | |
| [security-announce] SUSE Security Summary Report: SUSE-SR:2009:008 | SUSE | lists.opensuse.org | |
| Google Groups | MLIST | groups.google.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.