CVE-2012-3515 - OpenCVE

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Suse	Linux Enterprise Software Development Kit Linux Enterprise Desktop Linux Enterprise Server
Redhat	Enterprise Linux Virtualization Enterprise Linux Desktop Enterprise Linux Workstation Enterprise Linux Server Enterprise Linux Eus
Canonical	Ubuntu Linux
Qemu	Qemu
Debian	Debian Linux
Xen	Xen
Opensuse	Opensuse

Configuration 1 [-]

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:o:xen:xen:4.0.0:::::::*
	cpe:2.3:o:xen:xen:4.1.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:opensuse:opensuse:11.4:::::::*
	cpe:2.3:o:opensuse:opensuse:12.1:::::::*
	cpe:2.3:o:opensuse:opensuse:12.2:::::::*
	cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp2::::::
	cpe:2.3:o:suse:linux_enterprise_server:10:sp3:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_server:11:sp1:::ltss:::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::-::*
	cpe:2.3:o:suse:linux_enterprise_server:11:sp2::::vmware::*
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4::::::
	cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2::::::

Configuration 3 [-]

AND

cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*

Configuration 4 [-]

OR	cpe:2.3:a:redhat:virtualization:5.0:::::::*
	cpe:2.3:a:redhat:virtualization:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_eus:6.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:6.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:::::::*

Configuration 5 [-]

OR	cpe:2.3:o:debian:debian_linux:6.0:::::::*
	cpe:2.3:o:debian:debian_linux:7.0:::::::*

Configuration 6 [-]

OR	cpe:2.3:o:canonical:ubuntu_linux:10.04::::-:::
	cpe:2.3:o:canonical:ubuntu_linux:11.04:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:11.10:::::::*
	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::

References

Link	Resource
http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00026.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00027.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html	Mailing List Third Party Advisory
http://lists.opensuse.org/opensuse-updates/2012-09/msg00051.html	Mailing List Third Party Advisory
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html	Mailing List Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2012-1233.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1234.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1235.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1236.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1262.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-1325.html	Third Party Advisory
http://secunia.com/advisories/50472	Third Party Advisory
http://secunia.com/advisories/50528	Third Party Advisory
http://secunia.com/advisories/50530	Third Party Advisory
http://secunia.com/advisories/50632	Third Party Advisory
http://secunia.com/advisories/50689	Third Party Advisory
http://secunia.com/advisories/50860	Third Party Advisory
http://secunia.com/advisories/50913	Third Party Advisory
http://secunia.com/advisories/51413	Third Party Advisory
http://secunia.com/advisories/55082	Third Party Advisory
http://security.gentoo.org/glsa/glsa-201309-24.xml	Third Party Advisory
http://support.citrix.com/article/CTX134708	Third Party Advisory
http://wiki.xen.org/wiki/Security_Announcements#XSA-17_Qemu_VT100_emulation_vulnerability	Vendor Advisory
http://www.debian.org/security/2012/dsa-2543	Third Party Advisory
http://www.debian.org/security/2012/dsa-2545	Third Party Advisory
http://www.openwall.com/lists/oss-security/2012/09/05/10	Mailing List Mitigation Third Party Advisory
http://www.securityfocus.com/bid/55413	Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-1590-1	Third Party Advisory
https://security.gentoo.org/glsa/201604-03	Third Party Advisory