PT-2012-2252 · Qemu+3 · Qemu-Kvm+3

Nicolae Mogoreanu

Published

2012-01-23

Updated

2024-06-15

CVE-2012-0029

CVSS v2.0

7.4

High

Vector

AV:A/AC:M/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions qemu-kvm version 0.12

Description A heap-based buffer overflow issue exists in the process tx desc function within the e1000 emulation. This allows guest OS users to potentially cause a denial of service, leading to a QEMU crash, and possibly execute arbitrary code by sending crafted legacy mode packets.

Recommendations For qemu-kvm version 0.12, consider disabling the e1000 emulation as a temporary workaround until a patch is available. Restrict access to the process tx desc function to minimize the risk of exploitation. Avoid using crafted legacy mode packets in the affected API endpoint until the issue is resolved.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CESA-2012_0050

CVE-2012-0029

DSA-2396-1

DSA-2404-1

OPENSUSE-SU-2024:10196-1

RHSA-2012:0050

RHSA-2012:0051

RHSA-2012:0109

RHSA-2012:0370

RHSA-2012_0050

RHSA-2012_0051

RHSA-2012_0370

SUSE-SU-2012_0275-1

SUSE-SU-2012_0386-1

SUSE-SU-2015:0929-1

Affected Products

Centos

Red Hat

Suse

Qemu-Kvm

PT-2012-2252 · Qemu+3 · Qemu-Kvm+3

CVE-2012-0029

Weakness Enumeration

Related Identifiers

Affected Products

References · 186