7.2
CVE-2012-3515
- EPSS 0.05%
- Veröffentlicht 23.11.2012 20:55:03
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secalert@redhat.com
- Teams Watchlist Login
- Unerledigt Login
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Suse ≫ Linux Enterprise Desktop Version10 Updatesp4
Suse ≫ Linux Enterprise Desktop Version11 Updatesp2
Suse ≫ Linux Enterprise Server Version10 Updatesp2
Suse ≫ Linux Enterprise Server Version10 Updatesp3 SwEditionltss
Suse ≫ Linux Enterprise Server Version10 Updatesp4
Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwEditionltss
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatform-
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatformvmware
Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp4
Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp2
Redhat ≫ Virtualization Version3.0
Redhat ≫ Virtualization Version5.0
Redhat ≫ Virtualization Version6.0
Redhat ≫ Enterprise Linux Desktop Version5.0
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Eus Version6.3
Redhat ≫ Enterprise Linux Server Version5.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Workstation Version5.0
Redhat ≫ Enterprise Linux Workstation Version6.0
Debian ≫ Debian Linux Version6.0
Debian ≫ Debian Linux Version7.0
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version11.04
Canonical ≫ Ubuntu Linux Version11.10
Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.17 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.