Control: reopen -1
Control: retitle -1 potential guest-side buffer overflow caused by e1000 device emulation and large incoming packets - CVE-2012-6075
Control: tags -1 + patch pending upstream

There is another half of the same issue. Current patch/fix which has been applied is about the case when no jumbo frames are enabled at all - in this case the maximum packet size is 1522 bytes. But there's another case - when jumbo frames are actually enabled but not any size (there's another bit that enables very large packets, in this case receiving method is different). In this case, maximum packet size a guest can handle is 16384 bytes.

In both cases old code allowed larger packets to be received, and in both cases it will result in guest-side buffer overflow with potential to execute any code in guest.

Reopening this bug now and updating the subject, mentioning meanwhile-assigned CVE#.

Thanks,

/mjt
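
The two size limits described in the message, as an added example (not code from the original message or from QEMU): a simplified model of a device-side receive check that drops any frame larger than the guest can handle in the current mode. The struct, function and macro names are hypothetical, and the third mode the message mentions (the bit that enables very large packets) is not modelled.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Limits quoted in the message above. */
#define MAX_FRAME_NO_JUMBO 1522u   /* jumbo frames disabled */
#define MAX_FRAME_JUMBO    16384u  /* jumbo frames enabled */
/* Hypothetical model of an emulated NIC; not QEMU's e1000 state. */
struct nic_model {
    int jumbo_enabled;                   /* guest turned jumbo frames on */
    uint8_t guest_buf[MAX_FRAME_JUMBO];  /* stands in for guest RX memory */
    size_t guest_buf_len;                /* bytes the guest actually provided */
    unsigned long delivered, dropped;
};
enum rx_result { RX_DELIVERED, RX_DROPPED_OVERSIZE };

/* Largest frame the guest can handle in the current mode. */
static size_t rx_size_limit(const struct nic_model *nic)
{
    return nic->jumbo_enabled ? MAX_FRAME_JUMBO : MAX_FRAME_NO_JUMBO;
}

static void nic_init(struct nic_model *nic, int jumbo_enabled)
{
    memset(nic, 0, sizeof(*nic));
    nic->jumbo_enabled = jumbo_enabled;
    nic->guest_buf_len = rx_size_limit(nic);
}

/* Device-side receive: reject the frame before any byte reaches the guest. */
static enum rx_result nic_receive(struct nic_model *nic,
                                  const uint8_t *frame, size_t len)
{
    /* Without this check the memcpy below would run past guest_buf_len. */
    if (len > rx_size_limit(nic) || len > nic->guest_buf_len) {
        nic->dropped++;
        return RX_DROPPED_OVERSIZE;
    }
    memcpy(nic->guest_buf, frame, len);
    nic->delivered++;
    return RX_DELIVERED;
}
int main(void)
{
    static struct nic_model nic;
    static uint8_t frame[MAX_FRAME_JUMBO + 1];  /* constructed sample frame */
    nic_init(&nic, 0);
    return nic_receive(&nic, frame, sizeof(frame)) == RX_DROPPED_OVERSIZE ? 0 : 1;
}
```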