CVE-2012-6075

Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.

Published: Feb 13, 2013
Updated: Apr 13, 2023
CVE: CVE-2012-6075
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

CWEs:

CWE-120

Affected Software
References

Software	From	Fixed in
qemu / qemu	-	1.3.0
fedoraproject / fedora	17	17.x
fedoraproject / fedora	16	16.x
fedoraproject / fedora	18	18.x
suse / linux_enterprise_server	11-sp1	11-sp1.x
opensuse / opensuse	12.2	12.2.x
opensuse / opensuse	12.1	12.1.x
redhat / enterprise_linux_server	5.0	5.0.x
redhat / enterprise_linux_workstation	5.0	5.0.x
redhat / enterprise_linux_server_aus	6.4	6.4.x
redhat / enterprise_linux_desktop	6.0	6.0.x
redhat / enterprise_linux_server	6.0	6.0.x
redhat / enterprise_linux_workstation	6.0	6.0.x
redhat / enterprise_linux_desktop	5.0	5.0.x
redhat / enterprise_linux_server_aus	5.9	5.9.x
redhat / enterprise_linux_eus	5.9	5.9.x
redhat / enterprise_linux_eus	6.4	6.4.x
redhat / virtualization	3.0	3.0.x
debian / debian_linux	6.0	6.0.x
canonical / ubuntu_linux	11.10	11.10.x
canonical / ubuntu_linux	12.10	12.10.x
canonical / ubuntu_linux	12.04	12.04.x
canonical / ubuntu_linux	10.04	10.04.x

Vulnerability Database

289,599

CVE-2012-6075