CVE-2012-6075
Description
A buffer overflow in QEMU's e1000 device driver allows remote attackers to crash the guest or possibly execute arbitrary code via a large packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in QEMU's e1000 device driver allows remote attackers to crash the guest or possibly execute arbitrary code via a large packet.
Vulnerability
A buffer overflow exists in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU version 1.3.0-rc2 and possibly other versions. The vulnerability occurs when the SBP (Store Bad Packets) and LPE (Large Packet Enable) flags are disabled, allowing a remote attacker to send an oversized packet that overflows the receive buffer [4].
Exploitation
An attacker with network access to the QEMU guest can send a crafted large packet to the emulated e1000 NIC. The attack requires no authentication and can be performed remotely. The packet triggers a buffer overflow when processed by the e1000 receive path, leading to memory corruption within the guest [1][2][3][4].
Impact
Successful exploitation can cause a denial of service (guest OS crash) and potentially allow arbitrary code execution within the guest at the privilege level of the emulated device. This compromises the confidentiality, integrity, and availability of the guest OS [4].
Mitigation
Red Hat released updated packages for Red Hat Enterprise Linux 5 (kvm) and 6 (qemu-kvm) on 2013-03-06 via RHSA-2013-0599 [2] and RHSA-2013-0609 [1], respectively, and for RHEL 5 (qemu-kvm) via RHSA-2013-0608 [3]. Users should apply the relevant updates. No workaround is documented for systems that cannot be patched.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
25- cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.10:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:o:fedoraproject:fedora:16:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:17:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:18:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_eus:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server_aus:5.9:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server_aus:6.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
22- lists.nongnu.org/archive/html/qemu-devel/2012-12/msg00533.htmlnvdPatchThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2013-January/097541.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2013-January/097575.htmlnvdThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2013-January/097705.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2014-03/msg00021.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2013-04/msg00051.htmlnvdThird Party Advisory
- lists.opensuse.org/opensuse-updates/2013-04/msg00052.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2013-0599.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2013-0608.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2013-0609.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2013-0610.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2013-0639.htmlnvdThird Party Advisory
- secunia.com/advisories/55082nvdThird Party Advisory
- security.gentoo.org/glsa/glsa-201309-24.xmlnvdThird Party Advisory
- www.debian.org/security/2013/dsa-2607nvdThird Party Advisory
- www.debian.org/security/2013/dsa-2608nvdThird Party Advisory
- www.debian.org/security/2013/dsa-2619nvdThird Party Advisory
- www.openwall.com/lists/oss-security/2012/12/30/1nvdMailing ListThird Party Advisory
- www.securityfocus.com/bid/57420nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-1692-1nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingThird Party Advisory
- git.qemu.orgnvd
News mentions
0No linked articles in our index yet.