
CVE Database

CVE-2012-6075

Impact: Important
Public: 2012-12-16
Bugzilla: 889301: CVE-2012-6075 qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabled

Details

The MITRE CVE dictionary describes this issue as:

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.

Find out more about CVE-2012-6075 from the MITRE CVE dictionary and NIST NVD.

CVSS v2 metrics

Base Score: 6.8
Base Metrics: AV:A/AC:H/Au:N/C:C/I:C/A:C
Access Vector: Adjacent Network
Access Complexity: High
Authentication: None
Confidentiality Impact: Complete
Integrity Impact: Complete
Availability Impact: Complete

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat security errata

| Platform | Errata | Release Date |
|---|---|---|
| OpenStack Folsom (qemu-kvm-rhev) | RHSA-2013:0639 | March 12, 2013 |
| RHEL Virtualization version 5 (kvm) | RHSA-2013:0608 | March 07, 2013 |
| RHEL Virtualization version 5 (xen) | RHSA-2013:0599 | March 06, 2013 |
| RHEV Agents (vdsm) (qemu-kvm-rhev) | RHSA-2013:0610 | March 07, 2013 |
| RHEV Hypervisor for RHEL-6 (rhev-hypervisor6) | RHSA-2013:0636 | March 13, 2013 |
| Red Hat Enterprise Linux version 5 (xen) | RHSA-2013:0599 | March 06, 2013 |
| Red Hat Enterprise Linux version 6 (qemu-kvm) | RHSA-2013:0609 | March 07, 2013 |

External References

This page is generated automatically and has not been checked for errors or omissions.

For clarification or corrections please contact the Red Hat Security Response Team.