CVE-2012-0029

NameCVE-2012-0029
DescriptionHeap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-2396-1, DSA-2404-1
NVD severityhigh (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
qemu-kvm (PTS)wheezy1.1.2+dfsg-6+deb7u12fixed
wheezy (security)1.1.2+dfsg-6+deb7u24fixed
xen (PTS)wheezy4.1.4-3+deb7u9fixed
wheezy (security)4.1.6.lts1-10fixed
jessie4.4.1-9+deb8u9fixed
jessie (security)4.4.1-9+deb8u10fixed
buster, sid, stretch (security), stretch4.8.1-1+deb9u3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
qemu-kvmsource(unstable)1.0+dfsg-5high
qemu-kvmsourcesqueeze0.12.5+dfsg-5+squeeze8highDSA-2396-1
xensource(unstable)4.1.3~rc1+hg-20120614.a9c0a89c08f2-1medium
xensourcesqueeze(not affected)
xen-qemu-dm-4.0source(unstable)(unfixed)high
xen-qemu-dm-4.0sourcesqueeze4.0.1-2+squeeze1highDSA-2404-1

Notes

[squeeze] - xen <not-affected> (vulnerable code not present)

Search for package or bug name: Reporting problems