CVE-2012-2119

Published: 19 April 2012

Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.

From the Ubuntu security team

A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privileged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled.
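A host-side check for the condition described above, added here as an example and not taken from the Ubuntu tracker or the kernel project. It assumes the vhost_net parameter is exposed under /sys/module, and it uses the upstream threshold 3.4.5 from the CVE description; the function names and result strings are hypothetical.

```shell
#!/bin/sh
# Added example: host-side exposure check for CVE-2012-2119.
# Assumption: the 3.4.5 threshold comes from the CVE description; a
# distribution kernel may carry a backported fix under an older version.

# ver_key RELEASE: turn "3.2.0-23-generic" into a comparable integer (3002000).
ver_key() {
    v=${1%%-*}                       # drop the distro suffix
    old_ifs=$IFS; IFS=.
    set -- $v                        # split on dots into $1 $2 $3
    IFS=$old_ifs
    maj=${1%%[!0-9]*}; min=${2%%[!0-9]*}; pat=${3%%[!0-9]*}
    echo $(( ${maj:-0} * 1000000 + ${min:-0} * 1000 + ${pat:-0} ))
}

# zcopytx_exposure KERNEL_RELEASE [SYSFS_ROOT]
# Prints: not-loaded | no-zcopytx-param | zcopytx-off | fixed-upstream | exposed
zcopytx_exposure() {
    release=$1
    mod=${2:-/sys}/module/vhost_net
    param=$mod/parameters/experimental_zcopytx
    if [ ! -d "$mod" ]; then
        echo not-loaded              # vhost_net is not loaded on this host
    elif [ ! -r "$param" ]; then
        echo no-zcopytx-param        # module loaded, option not present
    elif [ "$(cat "$param")" = 0 ]; then
        echo zcopytx-off             # zero-copy TX disabled
    elif [ "$(ver_key "$release")" -ge "$(ver_key 3.4.5)" ]; then
        echo fixed-upstream          # at or past the upstream fixed version
    else
        echo exposed                 # option on, kernel older than 3.4.5
    fi
}

# Report for the running host.
zcopytx_exposure "$(uname -r)"
```

A result of `exposed` is based on the upstream version string only, so confirm it against the distribution's own fixed package version before acting on it.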

Priority

Low

Notes

Author: apw

Note:
email thread discussing the patch does not conclude on a patch as yet
nothing obviously matching it has hit mainline yet
a second patch set was pushed under the thread below and appears to be making its way into v3.5
http://www.spinics.net/lists/netdev/msg197132.html
Patch set seems to have hit ending at the sha1 below, it is possible we need all four patches:
b92946e2919134ebe2a4083e4302236295ea2a73
