Arbitrary Code Execution

2020-04-1001:09:16

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.4 High

CVSS2

Access Vector

ADJACENT_NETWORK

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:A/AC:M/Au:S/C:C/I:C/A:C

JSON

qemu is vulnerable to arbitrary code execution. A heap overflow flaw was found in the way QEMU-KVM emulated the e1000 network interface card. A privileged guest user in a virtual machine whose network interface is configured to use the e1000 emulated driver could use this flaw to crash the host or, possibly, escalate their privileges on the host.

CPENameOperatorVersion
qemu-kvmeq0.12.1.2__2.160.el6
qemu-kvmeq0.12.1.2__2.160.el6_1.6
qemu-kvmeq0.12.1.2__2.160.el6_1.8
qemu-kvmeq0.12.1.2__2.113.el6
qemu-kvmeq0.12.1.2__2.113.el6_0.3
qemu-kvmeq0.12.1.2__2.160.el6_1.9
qemu-kvmeq0.12.1.2__2.113.el6_0.8
qemu-kvmeq0.12.1.2__2.160.el6_1.2
qemu-kvmeq0.12.1.2__2.160.el6_1.3
qemu-kvmeq0.12.1.2__2.113.el6_0.6

Name	Operator	Version
qemu-kvm	eq	0.12.1.2__2.160.el6
qemu-kvm	eq	0.12.1.2__2.160.el6_1.6
qemu-kvm	eq	0.12.1.2__2.160.el6_1.8
qemu-kvm	eq	0.12.1.2__2.113.el6
qemu-kvm	eq	0.12.1.2__2.113.el6_0.3
qemu-kvm	eq	0.12.1.2__2.160.el6_1.9
qemu-kvm	eq	0.12.1.2__2.113.el6_0.8
qemu-kvm	eq	0.12.1.2__2.160.el6_1.2
qemu-kvm	eq	0.12.1.2__2.160.el6_1.3
qemu-kvm	eq	0.12.1.2__2.113.el6_0.6