Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.

Metrics

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Adjacent Network

Access Complexity Medium

Authentication Single

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:A/AC:M/Au:S/C:C/I:C/A:C

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Affected Vendors & Products

Vendors Products
Kvm Group
  • Qemu-kvm
Redhat
  • Enterprise Linux
  • Rhel Virtualization

Configuration 1 [-]

cpe:2.3:a:kvm_group:qemu-kvm:0.12:*:*:*:*:*:*:*
Package CPE Advisory Released Date
Red Hat Enterprise Linux 5
kvm-0:83-239.el5_7.1 cpe:/a:redhat:rhel_virtualization:5 RHSA-2012:0051 2012-01-23T00:00:00Z
xen-0:3.0.3-135.el5_8.2 cpe:/o:redhat:enterprise_linux:5 RHSA-2012:0370 2012-03-07T00:00:00Z
Red Hat Enterprise Linux 6
qemu-kvm-2:0.12.1.2-2.209.el6_2.4 cpe:/o:redhat:enterprise_linux:6 RHSA-2012:0050 2012-01-23T00:00:00Z
RHEV 3.X Hypervisor and Agents for RHEL-6
rhev-hypervisor6-0:6.2-20120209.0.el6_2 cpe:/o:redhat:enterprise_linux:6::hypervisor RHSA-2012:0109 2012-02-15T00:00:00Z
References
Link Providers
http://git.qemu.org/?p=qemu.git%3Ba=log%3Bh=refs/heads/stable-1.0 cve-icon cve-icon
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-updates/2012-02/msg00009.html cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2012-0370.html cve-icon cve-icon
http://secunia.com/advisories/47740 cve-icon cve-icon
http://secunia.com/advisories/47741 cve-icon cve-icon
http://secunia.com/advisories/47992 cve-icon cve-icon
http://secunia.com/advisories/48318 cve-icon cve-icon
http://secunia.com/advisories/50913 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2012-0050.html cve-icon cve-icon
http://www.securityfocus.com/bid/51642 cve-icon cve-icon
http://www.ubuntu.com/usn/USN-1339-1 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=772075 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/72656 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2012-0029 cve-icon
https://www.cve.org/CVERecord?id=CVE-2012-0029 cve-icon
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2012-01-27T15:00:00

Updated: 2024-08-06T18:09:17.355Z

Reserved: 2011-12-07T00:00:00

Link: CVE-2012-0029

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2012-01-27T15:55:04.750

Modified: 2023-02-13T00:22:33.990

Link: CVE-2012-0029

cve-icon Redhat

Severity : Important

Publid Date: 2012-01-23T00:00:00Z

Links: CVE-2012-0029 - Bugzilla