CVE-2012-0029

Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
Severity
UNKNOWN
AV:A/AC:M/Au:S/C:C/I:C/A:C
Atk. Vector
ADJACENT_NETWORK
Atk. Complexity
MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 39%
VendorProductVersion
kvm_groupqemu-kvm
0.12
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
xen
bullseye
4.14.6-1
fixed
squeeze
not-affected
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
trixie
4.17.3+36-g54dacb5c02-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kvm
oneiric
dne
natty
dne
maverick
dne
lucid
dne
hardy
ignored
qemu
oneiric
dne
natty
dne
maverick
dne
lucid
dne
hardy
ignored
qemu-kvm
oneiric
Fixed 0.14.1+noroms-0ubuntu6.2
released
natty
Fixed 0.14.0+noroms-0ubuntu4.5
released
maverick
Fixed 0.12.5+noroms-0ubuntu7.11
released
lucid
Fixed 0.12.3+noroms-0ubuntu9.17
released
hardy
dne