CVE-2012-6075
xen-qemu-dm-4.0 - buffer overflow
EPSS 7.5%
Description
Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.
How to fix CVE-2012-6075
To remediate CVE-2012-6075, upgrade the affected package to a fixed version below.
- Debian/qemu—upgrade to 1.1.2+dfsg-4 or later
- Debian/qemu—upgrade to 0.12.5+dfsg-3squeeze3 or later
- —upgrade to 0.12.5+dfsg-5+squeeze10 or later
- —upgrade to 4.1.3-8 or later
- —upgrade to 4.0.1-2+squeeze3 or later
Is CVE-2012-6075 being exploited?
Moderate — EPSS is 7.5%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (5)
- from 0, < 1.1.2+dfsg-4
- from 0, < 0.12.5+dfsg-3squeeze3
- from 0, < 0.12.5+dfsg-5+squeeze10
- from 0, < 4.1.3-8
- from 0, < 4.0.1-2+squeeze3