7.2
CVE-2012-3515
- EPSS 0.53%
- Veröffentlicht 23.11.2012 20:55:03
- Zuletzt bearbeitet 16.06.2026 23:43:23
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Suse ≫ Linux Enterprise Desktop Version10 Updatesp4
Suse ≫ Linux Enterprise Desktop Version11 Updatesp2
Suse ≫ Linux Enterprise Server Version10 Updatesp2
Suse ≫ Linux Enterprise Server Version10 Updatesp3 SwEditionltss
Suse ≫ Linux Enterprise Server Version10 Updatesp4
Suse ≫ Linux Enterprise Server Version11 Updatesp1 SwEditionltss
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatform-
Suse ≫ Linux Enterprise Server Version11 Updatesp2 SwPlatformvmware
Suse ≫ Linux Enterprise Software Development Kit Version10 Updatesp4
Suse ≫ Linux Enterprise Software Development Kit Version11 Updatesp2
Redhat ≫ Virtualization Version3.0
Redhat ≫ Virtualization Version5.0
Redhat ≫ Virtualization Version6.0
Redhat ≫ Enterprise Linux Desktop Version5.0
Redhat ≫ Enterprise Linux Desktop Version6.0
Redhat ≫ Enterprise Linux Eus Version6.3
Redhat ≫ Enterprise Linux Server Version5.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Workstation Version5.0
Redhat ≫ Enterprise Linux Workstation Version6.0
Debian ≫ Debian Linux Version6.0
Debian ≫ Debian Linux Version7.0
Canonical ≫ Ubuntu Linux Version10.04 SwEdition-
Canonical ≫ Ubuntu Linux Version11.04
Canonical ≫ Ubuntu Linux Version11.10
Canonical ≫ Ubuntu Linux Version12.04 SwEditionesm
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.53% | 0.404 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.2 | 3.9 | 10 |
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
http://secunia.com/advisories/51413
http://secunia.com/advisories/55082
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html
http://secunia.com/advisories/50913
http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html
http://secunia.com/advisories/50689
http://www.debian.org/security/2012/dsa-2545
http://rhn.redhat.com/errata/RHSA-2012-1262.html
http://rhn.redhat.com/errata/RHSA-2012-1325.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html
https://security.gentoo.org/glsa/201604-03
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html
http://secunia.com/advisories/50472
http://secunia.com/advisories/50530
http://support.citrix.com/article/CTX134708
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00027.html
http://lists.opensuse.org/opensuse-updates/2012-09/msg00051.html
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
http://rhn.redhat.com/errata/RHSA-2012-1233.html
http://rhn.redhat.com/errata/RHSA-2012-1234.html
http://rhn.redhat.com/errata/RHSA-2012-1235.html
http://rhn.redhat.com/errata/RHSA-2012-1236.html
http://secunia.com/advisories/50528
http://secunia.com/advisories/50632
http://secunia.com/advisories/50860
http://wiki.xen.org/wiki/Security_Announcements#XSA-17_Qemu_VT100_emulation_vulnerability
http://www.debian.org/security/2012/dsa-2543
http://www.openwall.com/lists/oss-security/2012/09/05/10
http://www.securityfocus.com/bid/55413
http://www.ubuntu.com/usn/USN-1590-1