November 2014

Analyzing CVE-2012-6075 qemu: e1000 driver buffer overflow when processing large packets when SBP and LPE flags are disabled

This is an interesting bug in qemu, although since its in a emulation software, it is not that critical in production environment[as far as i know, things might be different].

the cve entry for this bug says following:

“Buffer overflow in the e1000_receive function in the e1000 device driver (hw/e1000.c) in QEMU 1.3.0-rc2 and other versions, when the SBP and LPE flags are disabled, allows remote attackers to cause a denial of service (guest OS crash) and possibly execute arbitrary guest code via a large packet.”