CVE-2012-0029
Published: 23 January 2012
Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
Priority
Status
Package | Release | Status |
---|---|---|
kvm Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
qemu Launchpad, Ubuntu, Debian |
hardy |
Ignored
(end of life)
|
lucid |
Does not exist
|
|
maverick |
Does not exist
|
|
natty |
Does not exist
|
|
oneiric |
Does not exist
|
|
upstream |
Needs triage
|
|
qemu-kvm Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
lucid |
Released
(0.12.3+noroms-0ubuntu9.17)
|
|
maverick |
Released
(0.12.5+noroms-0ubuntu7.11)
|
|
natty |
Released
(0.14.0+noroms-0ubuntu4.5)
|
|
oneiric |
Released
(0.14.1+noroms-0ubuntu6.2)
|
|
upstream |
Needs triage
|
|
This vulnerability is mitigated in part by an AppArmor profile. |