Vulnerability Details : CVE-2012-6075
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
Vulnerability category: OverflowDenial of service
Products affected by CVE-2012-6075
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.2:*:*:*:*:*:*:*
- cpe:2.3:o:opensuse:opensuse:12.1:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2012-6075
1.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 84 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2012-6075
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2012-6075
-
The product copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.Assigned by: nvd@nist.gov (Primary)
References for CVE-2012-6075
-
http://lists.opensuse.org/opensuse-updates/2013-04/msg00051.html
openSUSE-SU-2013:0636-1: moderate: xen: security and bugfix updateThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0610.html
RHSA-2013:0610 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://security.gentoo.org/glsa/glsa-201309-24.xml
Xen: Multiple vulnerabilities (GLSA 201309-24) — Gentoo securityThird Party Advisory
-
http://www.debian.org/security/2013/dsa-2607
Debian -- Security Information -- DSA-2607-1 qemu-kvmThird Party Advisory
-
http://www.debian.org/security/2013/dsa-2619
Debian -- Security Information -- DSA-2619-1 xen-qemu-dm-4.0Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2012/12/30/1
oss-security - Re: CVE request: qemu e1000 emulated device gues-side buffer overflowMailing List;Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0599.html
RHSA-2013:0599 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.html
[SECURITY] Fedora 17 Update: qemu-1.0.1-3.fc17Third Party Advisory
-
http://www.debian.org/security/2013/dsa-2608
Debian -- Security Information -- DSA-2608-1 qemuThird Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.html
[SECURITY] Fedora 18 Update: qemu-1.2.2-2.fc18Third Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0639.html
RHSA-2013:0639 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.html
[security-announce] SUSE-SU-2014:0446-1: important: Security update forThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0608.html
RHSA-2013:0608 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://lists.opensuse.org/opensuse-updates/2013-04/msg00052.html
openSUSE-SU-2013:0637-1: moderate: xen: security and bugfix updateThird Party Advisory
-
http://rhn.redhat.com/errata/RHSA-2013-0609.html
RHSA-2013:0609 - Security Advisory - Red Hat Customer PortalThird Party Advisory
-
http://git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=b0d9ffcd0251161c7c92f94804dcf599dfa3edeb
QEMU · GitLab
-
http://lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.html
[SECURITY] Fedora 16 Update: qemu-0.15.1-9.fc16Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=889301
889301 – (CVE-2012-6075) CVE-2012-6075 qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabledIssue Tracking;Third Party Advisory
-
http://www.securityfocus.com/bid/57420
QEMU CVE-2012-6075 Buffer Overflow VulnerabilityThird Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/USN-1692-1
USN-1692-1: QEMU vulnerability | Ubuntu security noticesThird Party Advisory
-
http://lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.html
[Qemu-devel] [PATCH] e1000: Discard oversized packets based on SBP|LPEPatch;Third Party Advisory
Jump to