The Vigil@nce team watches vulnerabilities impacting your computers, and then offers solutions, a database and tools to correct them.
Vulnerability bulletin CVE-2012-0029
Linux kernel: buffer overflow via KVM e1000
Synthesis of the vulnerability
An attacker in a KVM guest system with an e1000 network device can send two packets to create an overflow, leading to a denial of service and possibly to code execution on the host system.
Severity: 2/4.
Creation date: 24/01/2012.
Description of the vulnerability
The Linux kernel and KVM can host guest systems whose emulated network device uses an Intel e1000 driver (with "model=e1000").
The process_tx_desc() function processes the TSE (Triple Speed Ethernet: 10/100/1000-Mbps) descriptor. However, when several packets are processed and the size of the descriptor is too large, a buffer overflow occurs.
An attacker in a KVM guest system with an e1000 network device can therefore send two packets to create an overflow, leading to a denial of service and possibly to code execution on the host system.
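The bug class described above, as an added example that is a simplified model and not the kernel, KVM or emulator code: guest-supplied descriptor lengths are accumulated into a fixed host buffer, and the hardened append clamps each length to the space that remains. The names `tx_state`, `tx_unchecked_end`, `tx_append_checked`, the 64-byte `TX_BUF_SIZE` and the 48-byte descriptors are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define TX_BUF_SIZE 64u  /* constructed size, not the real device buffer */

/* Hypothetical model of the transmit state the host keeps per device. */
struct tx_state {
    uint8_t data[TX_BUF_SIZE];
    size_t  size;            /* bytes accumulated so far */
};

/* Offset an unchecked append would write up to. A result above
 * TX_BUF_SIZE means the copy would run past data[]. Computes only. */
size_t tx_unchecked_end(const struct tx_state *tx, size_t desc_len)
{
    return tx->size + desc_len;
}

/* Hardened append: clamp the guest-supplied length to the room left.
 * Returns the number of bytes actually copied. */
size_t tx_append_checked(struct tx_state *tx, const uint8_t *src,
                         size_t desc_len)
{
    size_t room = TX_BUF_SIZE - tx->size;  /* size never exceeds the cap */
    size_t n = desc_len < room ? desc_len : room;
    memcpy(tx->data + tx->size, src, n);
    tx->size += n;
    return n;
}

/* Constructed input: two 48-byte descriptors, each smaller than the
 * buffer, together larger. */
static const uint8_t payload[48] = {0};

/* End offset the second descriptor would reach with no bounds check. */
size_t demo_unchecked_end(void)
{
    struct tx_state tx = { .size = sizeof payload };
    return tx_unchecked_end(&tx, sizeof payload);
}

/* Bytes the checked append accepts from the second descriptor. */
size_t demo_second_copy(void)
{
    struct tx_state tx = { .size = 0 };
    tx_append_checked(&tx, payload, sizeof payload);
    return tx_append_checked(&tx, payload, sizeof payload);
}
```

In a host-side emulator, a clamp that truncates guest data should also be logged or counted, since a guest that hits it is either buggy or probing the device model.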
Characteristics
Title: Linux kernel: buffer overflow via KVM e1000.
Keywords: 100 1000-Mbps Ethernet Intel KVM Linux Speed TSE Triple buffer e1000 kernel overflow process_tx_desc.
Identifiers: BID-51642, CERTA-2012-AVI-061, CVE-2012-0029, DSA 2396-1, DSA 2404-1, FEDORA-2012-1375, FEDORA-2012-1539, openSUSE-SU-2012:0207-1, openSUSE-SU-2012:0267-1, openSUSE-SU-2012:0347-1, openSUSE-SU-2012:0548-1, RHSA-2012:0050-01, RHSA-2012:0051-01, RHSA-2012:0109-01, RHSA-2012:0168-01, RHSA-2012:0370-01, SUSE-SU-2012:0386-1, VIGILANCE-VUL-11313.