CVE-2012-6075 — Classic Buffer Overflow in Qemu
Severity
9.3CRITICALNVD
EPSS
7.5%
top 8.17%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedFeb 13
Latest updateMay 13
Description
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
CVSS vector
AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0
Affected Packages9 packages
Also affects: Debian Linux 6.0, Fedora 16, 17, 18, Ubuntu Linux 10.04, 11.10, 12.04, 12.10, Enterprise Linux 5.9, 6.4
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-mw8m-jhfq-5hv9: Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000↗2022-05-13
CVEList▶
CVE-2012-6075: Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000↗2013-02-13
OSV▶
CVE-2012-6075: Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000↗2013-02-13
📋Vendor Advisories
3💬Community
4Bugzilla▶
CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets when SBP and LPE flags are disabled [fedora-all]↗2013-02-13
Bugzilla▶
CVE-2012-6075 qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabled↗2012-12-20
Bugzilla▶
CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets when SBP and LPE flags are disabled [fedora-all]↗2012-12-20
Bugzilla▶
CVE-2012-6075 qemu (e1000 device driver): Buffer overflow when processing large packets when SBP and LPE flags are disabled [epel-5]↗2012-12-20