Published: 19 April 2012
Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service (crash) via a long descriptor with a long vector length.
From the Ubuntu security team
A flaw was discovered in the Linux kernel's macvtap device driver, which is used in KVM (Kernel-based Virtual Machine) to create a network bridge between host and guest. A privleged user in a guest could exploit this flaw to crash the host, if the vhost_net module is loaded with the experimental_zcopytx option enabled.
email thread discussing the patch does not conclude on a patch as yet nothing obviously matching it has hit mainline yet a second patch set was pushed under the thread below and appears to be making its way into v3.5 http://www.spinics.net/lists/netdev/msg197132.html Patch set seems to have hit ending at the sha1 below, it is possible we need all four patches: b92946e2919134ebe2a4083e4302236295ea2a73