XSA-6

CVE-2012-0029


Problem description

xsa6

HVM e1000, buffer overflow

Heap-based buffer overflow in the process_tx_desc function in the e1000 emulation (hw/e1000.c) in qemu-kvm 0.12, and possibly other versions, allows guest OS users to cause a denial of service (QEMU crash) and possibly execute arbitrary code via crafted legacy mode packets.

buffer overflow
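
The class of check the patch subject names ("bounds packet size against buffer size"), shown as an added example that is not code from QEMU or Xen: a packet is gathered from several descriptor fragments into a fixed-size buffer, and each copy is clamped to the space that remains. The struct, function names, buffer size and guard field are assumptions made for this model, and the fragment data is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TX_BUF_SIZE 0x10000u   /* assumed buffer size for this model */
#define GUARD_VALUE 0xA5A5A5A5u

/* Hypothetical, simplified transmit state (not QEMU's own structure). */
struct tx_state {
    uint8_t  data[TX_BUF_SIZE]; /* packet bytes gathered from descriptors */
    uint32_t guard;             /* stands in for adjacent heap memory */
    size_t   size;              /* bytes gathered so far in this packet */
};
static struct tx_state tx = { .guard = GUARD_VALUE };

/* Append one fragment, bounded by the space left; returns bytes stored. */
static size_t tx_append(struct tx_state *tp, const uint8_t *frag, size_t len)
{
    size_t room = sizeof(tp->data) - tp->size; /* size never exceeds capacity */
    if (len > room)
        len = room;                            /* clamp instead of overrunning */
    memcpy(tp->data + tp->size, frag, len);
    tp->size += len;
    return len;
}

/* Feed `count` constructed fragments into one packet; returns bytes stored. */
static size_t feed_fragments(size_t frag_len, unsigned count)
{
    static uint8_t frag[0xFFFF];               /* constructed sample payload */
    size_t stored = 0;

    if (frag_len > sizeof(frag))
        frag_len = sizeof(frag);
    memset(frag, 0x41, sizeof(frag));
    tx.size = 0;                               /* start of a new packet */
    for (unsigned i = 0; i < count; i++)
        stored += tx_append(&tx, frag, frag_len);
    return stored;
}

static int guard_intact(void) { return tx.guard == GUARD_VALUE; }

int main(void)
{
    printf("stored=%zu guard_ok=%d\n", feed_fragments(0x4000, 5), guard_intact());
    return 0;
}
```

Without the clamp in `tx_append`, the fifth fragment in this run would be written past the end of `data`, which is the heap overflow the advisory describes.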


Patch description

http://xenbits.xen.org/hg/xen-4.0-testing.hg/rev/3feb83eed6bd

--- a/Config.mk Tue Jan 31 11:49:30 2012 +0000
+++ b/Config.mk Thu Feb 02 14:00:32 2012 +0000
@@ -178,10 +178,9 @@ endif
 # CONFIG_QEMU ?= ../qemu-xen.git
 CONFIG_QEMU ?= $(QEMU_REMOTE)
 
-QEMU_TAG := xen-4.0.3
-#QEMU_TAG ?= 6d5b7ee3acfe8cc10681d2583a38398f7470ec2a
-# Wed Jan 5 23:42:03 2011 +0000
-# Change tap device mac address to prevent change of bridge's mac
+QEMU_TAG := 36984c285a765541b04f378bfa84d2c850c167d3
+# Thu Feb 2 13:47:06 2012 +0000
+# e1000: bounds packet size against buffer size
 
 OCAML_XENSTORED_REPO=http://xenbits.xensource.com/ext/xen-ocaml-tools.hg
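Review bot: the comment under the new `+QEMU_TAG :=` line records only a date and the subject "e1000: bounds packet size against buffer size", so nothing in Config.mk says this pin is a security fix; add the advisory identifier to that comment so the reason for the pin stays traceable. The change also replaces the named tag `xen-4.0.3` with a bare commit hash and drops the old commented-out `#QEMU_TAG ?=` line, so the build now depends on an untagged qemu commit; consider tagging that commit and pinning the tag, or note in the comment which tag it is based on. The bounds check itself is not visible in this hunk and has to be reviewed in the qemu tree at the referenced commit.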

Consequence

DoS, code execution