[Secure-testing-team] Bug#657529: e1000: process_tx_desc legacy mode packets heap overflow (CVE-2012-0029)
Michael Tokarev
mjt at tls.msk.ru
Thu Jan 26 20:23:35 UTC 2012
Package: qemu-kvm
Version: 0.12.5+dfsg-5+squeeze6
Severity: serious
Tags: patch security squeeze upstream sid

There is a buffer overflow in the handling of network
packets transmitted from the guest to the qemu/kvm process
in the e1000 emulated device. A malicious guest running
on a virtual machine with an emulated e1000 device can
trigger a heap overflow in the host process and gain
host privileges.

This is assigned CVE-2012-0029.

Both stable (squeeze) and testing/unstable versions
are affected (and actually oldstable as well, but
there, the kvm package is severely broken anyway).