CVSS2: 9.3 High (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | COMPLETE |
Integrity Impact | COMPLETE |
Availability Impact | COMPLETE |

EPSS: 0.023 Low (Percentile: 89.6%)

Buffer overflow in the e1000_receive function in the e1000 device driver
(hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE
flags are disabled, allows remote attackers to cause a denial of service
(guest OS crash) and possibly execute arbitrary guest code via a large
packet.
Author | Note |
---|---|
mdeslaur | hypervisor packages are in universe. For issues in the hypervisor, add appropriate tags to each section, ex: Tags_xen: universe-binary |
kees | qemu and kvm are only included if the Xen issue is in full-virt mode. |
seth-arnold | “there will be no more qemu-kvm releases.” – Michael Tokarev; qemu patches should apply to xen’s embedded copies |
mdeslaur | raring is replacing qemu-kvm with qemu (in progress) |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 13.04 | noarch | qemu | < 1.3.0+dfsg-1~exp3ubuntu3 | UNKNOWN |
ubuntu | 13.10 | noarch | qemu | < 1.3.0+dfsg-1~exp3ubuntu3 | UNKNOWN |
ubuntu | 10.04 | noarch | qemu-kvm | < 0.12.3+noroms-0ubuntu9.21 | UNKNOWN |
ubuntu | 11.10 | noarch | qemu-kvm | < 0.14.1+noroms-0ubuntu6.6 | UNKNOWN |
ubuntu | 12.04 | noarch | qemu-kvm | < 1.0+noroms-0ubuntu14.7 | UNKNOWN |
ubuntu | 12.10 | noarch | qemu-kvm | < 1.2.0+noroms-0ubuntu2.12.10.2 | UNKNOWN |
ubuntu | 11.10 | noarch | xen | < 4.1.1-2ubuntu4.5 | UNKNOWN |
ubuntu | 12.04 | noarch | xen | < 4.1.2-2ubuntu2.5 | UNKNOWN |
ubuntu | 12.10 | noarch | xen | < 4.1.3-3ubuntu1.2 | UNKNOWN |
ubuntu | 13.04 | noarch | xen | < 4.2.0-1ubuntu6 | UNKNOWN |