PT-2012-2252 · Qemu+3 · Qemu-Kvm+3

Nicolae Mogoreanu · Published 2012-01-23 · Updated 2024-06-15 · CVE-2012-0029

CVSS v2.0: 7.4 (High)

Vector: AV:A/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions: qemu-kvm version 0.12

Description: A heap-based buffer overflow exists in the process_tx_desc function of the e1000 emulation. Guest OS users can cause a denial of service (QEMU crash) and possibly execute arbitrary code by sending crafted legacy mode packets.

Recommendations: For qemu-kvm version 0.12, consider disabling the e1000 emulation as a temporary workaround until a patch is available. Restrict access to the process_tx_desc function to minimize the risk of exploitation. Avoid using crafted legacy mode packets in the affected API endpoint until the issue is resolved.

Fix

DoS

Buffer Overflow


Weakness Enumeration

Related identifiers

CESA-2012_0050
CVE-2012-0029
DSA-2396-1
DSA-2404-1
OPENSUSE-SU-2024:10196-1
RHSA-2012:0050
RHSA-2012:0051
RHSA-2012:0109
RHSA-2012:0370
RHSA-2012_0050
RHSA-2012_0051
RHSA-2012_0370
SUSE-SU-2012_0275-1
SUSE-SU-2012_0386-1
SUSE-SU-2015:0929-1

Affected products

Centos
Red Hat
Suse
Qemu-Kvm