CVE-2012-3515

Published: 06 September 2012

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."

Priority

Medium

Status

Package Release Status
qemu-kvm
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Upstream: http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=3eea5498ca501922520b3447ba94815bfc109743
xen
Launchpad, Ubuntu, Debian
Upstream Released (4.1.3-2)
Binaries built from this source package are in Universe and so are supported by the community.
xen-3.1
Launchpad, Ubuntu, Debian
Upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.
xen-3.2
Launchpad, Ubuntu, Debian
Upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.
xen-3.3
Launchpad, Ubuntu, Debian
Upstream Needs triage

Binaries built from this source package are in Universe and so are supported by the community.
xen-qemu-dm-4.0
Launchpad, Ubuntu, Debian
Upstream Needs triage

Patches:
Vendor: http://www.debian.org/security/2012/dsa-2543

Notes

Author Note
kees
for full-virtualization issues, add qemu (and kvm)
mdeslaur
This is XSA-17
Also affects qemu-kvm
jdstrand
xen-qemu-dm-4.0 needs libxen-dev >= 4.0, but it isn't available in
11.04; as a result, there are no binaries available in 11.04.

References

Bugs