CVE-2012-6075

Published: Feb 13, 2013Modified: Apr 29, 2026

9.3

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability: 8.6 / Impact: 10.0

Source: NVD

Description

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.

Affected (23)

Products: Qemu: Qemu · Fedoraproject: Fedora · Opensuse: Opensuse · +4 more

Show all products

Qemu: Qemu · Fedoraproject: Fedora · Opensuse: Opensuse · Suse: Linux Enterprise Server · Redhat: Enterprise Linux Desktop, Enterprise Linux Eus, Enterprise Linux Server, Enterprise Linux Server Aus, Enterprise Linux Workstation, Virtualization · Debian: Debian Linux · Canonical: Ubuntu Linux

1 product

1 product

1 product

1 product

Linux Enterprise Server

Redhat

6 products

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Server Aus

Enterprise Linux Workstation

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Before 1.3.0

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 16
Fedoraproject Fedora	Version 17
Fedoraproject Fedora	Version 18

Configuration C

3 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 12.1
Opensuse Opensuse	Version 12.2
Suse Linux Enterprise Server	Version 11 sp1

Configuration D

10 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 5.9
Redhat Enterprise Linux Eus	Version 6.4
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server Aus	Version 5.9
Redhat Enterprise Linux Server Aus	Version 6.4
Redhat Enterprise Linux Workstation	Version 5.0
Redhat Enterprise Linux Workstation	Version 6.0

Configuration E

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Virtualization	Version 3.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 6.0

Configuration F

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 6.0

Configuration G

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 11.10
Canonical Ubuntu Linux	Version 12.04
Canonical Ubuntu Linux	Version 12.10

Related CWEs

CWE-120

Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.

References (44)

http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb

Source: secalert@redhat.com

http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html

Source: secalert@redhat.com

PatchThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0599.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0608.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0609.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0610.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2013-0639.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/55082

Source: secalert@redhat.com

Third Party Advisory

http://security.gentoo.org/glsa/glsa-201309-24.xml

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2013/dsa-2607

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2013/dsa-2608

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2013/dsa-2619

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2012/12/30/1

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://www.securityfocus.com/bid/57420

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-1692-1

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=889301

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb