CVE-2012-6075

Priority
Medium
Description
Buffer overflow in the e1000_receive function in the e1000 device driver
(hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE
flags are disabled, allows remote attackers to cause a denial of service
(guest OS crash) and possibly execute arbitrary guest code via a large
packet.
Notes
 mdeslaur> hypervisor packages are in universe. For
 mdeslaur> issues in the hypervisor, add appropriate
 mdeslaur> tags to each section, ex:
 mdeslaur> Tags_xen: universe-binary
 kees> qemu and kvm are only included if the Xen issue is in full-virt mode.
 sarnold> "there will be no more qemu-kvm releases." -- Michael Tokarev
 sarnold> qemu patches should apply to xen's embedded copies
 mdeslaur> raring is replacing qemu-kvm with qemu (in progress)
Assigned-to
mdeslaur
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Source: xen (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):released (4.2.0-1ubuntu6)
Package
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Patches:
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb (pt1)
Upstream:http://git.qemu.org/?p=qemu.git;a=commit;h=2c0331f4f7d241995452b99afaf0aab00493334a (pt2)
Vendor:http://www.debian.org/security/2013/dsa-2607
Package
Source: kvm (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Source: qemu (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 14.04 LTS (Trusty Tahr):released (1.3.0+dfsg-1~exp3ubuntu3)
Patches:
Vendor:http://www.debian.org/security/2013/dsa-2608

Updated: 2017-08-11 23:49:54 UTC (commit 13081)