CVE-2012-3515

Published: Nov 23, 2012Modified: Apr 29, 2026

7.2

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Exploitability: 3.9 / Impact: 10.0

Source: NVD

Description

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."

Affected (32)

Products: Qemu: Qemu · Xen: Xen · Opensuse: Opensuse · +4 more

Show all products

1 product

1 product

1 product

3 products

Linux Enterprise Desktop

Linux Enterprise Server

Linux Enterprise Software Development Kit

Redhat

5 products

Virtualization

Enterprise Linux Desktop

Enterprise Linux Eus

Enterprise Linux Server

Enterprise Linux Workstation

1 product

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Qemu Qemu	Before 1.2.0
Xen Xen	Version 4.0.0
Xen Xen	Version 4.1.0

Configuration B

13 vulnerable

Vulnerable Software	Affected Versions
Opensuse Opensuse	Version 11.4
Opensuse Opensuse	Version 12.1
Opensuse Opensuse	Version 12.2
Suse Linux Enterprise Desktop	Version 10 sp4
Suse Linux Enterprise Desktop	Version 11 sp2
Suse Linux Enterprise Server	Version 10 sp2
Suse Linux Enterprise Server	Version 10 sp3
Suse Linux Enterprise Server	Version 10 sp4
Suse Linux Enterprise Server	Version 11 sp1
Suse Linux Enterprise Server	Version 11 sp2
Suse Linux Enterprise Server	Version 11 sp2
Suse Linux Enterprise Software Development Kit	Version 10 sp4
Suse Linux Enterprise Software Development Kit	Version 11 sp2

Configuration C

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Redhat Virtualization	Version 3.0

Running on/with	Platform Versions
Redhat Enterprise Linux	Version 6.0

Configuration D

9 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux Desktop	Version 5.0
Redhat Enterprise Linux Desktop	Version 6.0
Redhat Enterprise Linux Eus	Version 6.3
Redhat Enterprise Linux Server	Version 5.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Workstation	Version 5.0
Redhat Enterprise Linux Workstation	Version 6.0
Redhat Virtualization	Version 5.0
Redhat Virtualization	Version 6.0

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 6.0
Debian Debian Linux	Version 7.0

Configuration F

4 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 10.04
Canonical Ubuntu Linux	Version 11.04
Canonical Ubuntu Linux	Version 11.10
Canonical Ubuntu Linux	Version 12.04

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (82)

http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log

Source: secalert@redhat.com

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00026.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00027.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.opensuse.org/opensuse-updates/2012-09/msg00051.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html

Source: secalert@redhat.com

Mailing ListVendor Advisory

http://rhn.redhat.com/errata/RHSA-2012-1233.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-1234.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-1235.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-1236.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-1262.html

Source: secalert@redhat.com

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2012-1325.html

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/50472

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/50528

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/50530

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/50632

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/50689

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/50860

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/50913

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/51413

Source: secalert@redhat.com

Third Party Advisory

http://secunia.com/advisories/55082

Source: secalert@redhat.com

Third Party Advisory

http://security.gentoo.org/glsa/glsa-201309-24.xml

Source: secalert@redhat.com

Third Party Advisory

http://support.citrix.com/article/CTX134708

Source: secalert@redhat.com

Third Party Advisory

http://wiki.xen.org/wiki/Security_Announcements#XSA-17_Qemu_VT100_emulation_vulnerability

Source: secalert@redhat.com

Vendor Advisory

http://www.debian.org/security/2012/dsa-2543

Source: secalert@redhat.com

Third Party Advisory

http://www.debian.org/security/2012/dsa-2545

Source: secalert@redhat.com

Third Party Advisory

http://www.openwall.com/lists/oss-security/2012/09/05/10

Source: secalert@redhat.com

Mailing ListMitigationThird Party Advisory

http://www.securityfocus.com/bid/55413

Source: secalert@redhat.com

Third Party AdvisoryVDB Entry

http://www.ubuntu.com/usn/USN-1590-1

Source: secalert@redhat.com

Third Party Advisory

https://security.gentoo.org/glsa/201604-03

Source: secalert@redhat.com

Third Party Advisory

http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log