Your submission was sent successfully! Close

CVE-2012-0029

Published: 23 January 2012

Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.

Priority

Medium

Status

Package Release Status
kvm
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream Needs triage

qemu
Launchpad, Ubuntu, Debian
hardy Ignored
(reached end-of-life)
lucid Does not exist

maverick Does not exist

natty Does not exist

oneiric Does not exist

upstream Needs triage

qemu-kvm
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (0.12.3+noroms-0ubuntu9.17)
maverick
Released (0.12.5+noroms-0ubuntu7.11)
natty
Released (0.14.0+noroms-0ubuntu4.5)
oneiric
Released (0.14.1+noroms-0ubuntu6.2)
upstream Needs triage

This vulnerability is mitigated in part by an AppArmor profile.