|Public release ||2013-01-16 14:50|
|Updated ||2013-01-17 12:17|
|Title ||qemu (e1000 device driver): Buffer overflow when processing large packets|
Filesadvisory-41.txt (signed advisory file)
-----BEGIN PGP SIGNED MESSAGE-----
Xen Security Advisory CVE-2012-6075 / XSA-41
qemu (e1000 device driver): Buffer overflow when processing large packets
UPDATES IN VERSION 2
Add a reference to a second required patch.
SUMMARY AND SOURCES OF INFORMATION
An issue in qemu has been disclosed which we believe affects some
users of Xen.
The Qemu project has not itself issued an advisory. More information
may be available in the advisories published by the distros:
For full and accurate information please refer to those advisories.
We have not conducted a full review of the information and patches
The rest of the information in this advisory is true to the best of
our knowledge at the time of writing.
The vulnerability impacts any host running HVM (Fully-Emulated) guests
which are configured with an e1000 NIC (using "model=e1000") in their
VIF configuration. Note that the default emulated NIC is "rtl8139"
which is not vulnerable.
In a vulnerable configuration a hostile network packet may be able to
corrupt the memory of the guest, leading to a guest DoS or remote
We do not believe that this issue enables an attack against the host.
Limiting the size of network frames (e.g. by disabling jumbo frames)
on the local network and the Xen bridge may reduce or eliminate
guests' vulnerability to the bug.
There are two patches required. See these git commits:
These fixes have both been applied to all qemu branches contained in
Xen version 4.1 onwards.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
-----END PGP SIGNATURE-----
Xenproject.org Security Team