CVE-2012-3515: Input Validation
First published: Fri Nov 23 2012(Updated: )
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| QEMU KVM | <1.2.0 | |
| Xen xen-unstable | =4.0.0 | |
| Xen xen-unstable | =4.1.0 | |
| openSUSE | =11.4 | |
| openSUSE | =12.1 | |
| openSUSE | =12.2 | |
| SUSE Linux Enterprise Desktop with Beagle | =10-sp4 | |
| SUSE Linux Enterprise Desktop with Beagle | =11-sp2 | |
| SUSE Linux Enterprise Server | =10-sp2 | |
| SUSE Linux Enterprise Server | =10-sp3 | |
| SUSE Linux Enterprise Server | =10-sp4 | |
| SUSE Linux Enterprise Server | =11-sp1 | |
| SUSE Linux Enterprise Server | =11-sp2 | |
| suse linux enterprise server vmware | =11-sp2 | |
| SUSE Linux Enterprise Software Development Kit | =10-sp4 | |
| SUSE Linux Enterprise Software Development Kit | =11-sp2 | |
| Red Hat Enterprise Virtualization | =3.0 | |
| Red Hat Enterprise Linux | =6.0 | |
| Red Hat Enterprise Virtualization | =5.0 | |
| Red Hat Enterprise Virtualization | =6.0 | |
| redhat enterprise Linux desktop | =5.0 | |
| redhat enterprise Linux desktop | =6.0 | |
| redhat enterprise Linux eus | =6.3 | |
| redhat enterprise Linux server | =5.0 | |
| redhat enterprise Linux server | =6.0 | |
| redhat enterprise Linux workstation | =5.0 | |
| redhat enterprise Linux workstation | =6.0 | |
| Debian GNU/Linux | =6.0 | |
| Debian GNU/Linux | =7.0 | |
| Ubuntu Linux | =10.04 | |
| Ubuntu Linux | =11.04 | |
| Ubuntu Linux | =11.10 | |
| Ubuntu Linux | =12.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00026.html
- http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00027.html
- http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
- http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
- http://lists.opensuse.org/opensuse-updates/2012-09/msg00051.html
- http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
- http://rhn.redhat.com/errata/RHSA-2012-1233.html
- http://rhn.redhat.com/errata/RHSA-2012-1234.html
- http://rhn.redhat.com/errata/RHSA-2012-1235.html
- http://rhn.redhat.com/errata/RHSA-2012-1236.html
- http://rhn.redhat.com/errata/RHSA-2012-1262.html
- http://rhn.redhat.com/errata/RHSA-2012-1325.html
- http://secunia.com/advisories/50472
- http://secunia.com/advisories/50528
- http://secunia.com/advisories/50530
- http://secunia.com/advisories/50632
- http://secunia.com/advisories/50689
- http://secunia.com/advisories/50860
- http://secunia.com/advisories/50913
- http://secunia.com/advisories/51413
- http://secunia.com/advisories/55082
- http://security.gentoo.org/glsa/glsa-201309-24.xml
- http://support.citrix.com/article/CTX134708
- http://wiki.xen.org/wiki/Security_Announcements#XSA-17_Qemu_VT100_emulation_vulnerability
- http://www.debian.org/security/2012/dsa-2543
- http://www.debian.org/security/2012/dsa-2545
- http://www.openwall.com/lists/oss-security/2012/09/05/10
- http://www.securityfocus.com/bid/55413
- http://www.ubuntu.com/usn/USN-1590-1
- https://security.gentoo.org/glsa/201604-03
Frequently Asked Questions
What is the severity of CVE-2012-3515?
CVE-2012-3515 has a high severity rating due to the potential privilege escalation for local OS guest users.
How do I fix CVE-2012-3515?
To mitigate CVE-2012-3515, users should upgrade the affected QEMU version to 1.2.0 or higher.
Who is affected by CVE-2012-3515?
CVE-2012-3515 affects systems utilizing QEMU versions prior to 1.2.0 and specific versions of Xen and openSUSE.
What systems are vulnerable to CVE-2012-3515?
Vulnerable systems include Xen 4.0, 4.1 and various versions of openSUSE, SUSE Linux Enterprise, Red Hat, and Debian.
What type of vulnerability is CVE-2012-3515?
CVE-2012-3515 is a privilege escalation vulnerability that arises from improper handling of escape VT100 sequences.
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/weakness
- agent/severity
- agent/references
- agent/author
- agent/description
- agent/event
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/qemu
- canonical/qemu kvm
- vendor/xen
- canonical/xen xen-unstable
- version/xen xen-unstable/4.0.0
- version/xen xen-unstable/4.1.0
- vendor/opensuse
- canonical/opensuse
- version/opensuse/11.4
- version/opensuse/12.1
- version/opensuse/12.2
- vendor/suse
- canonical/suse linux enterprise desktop with beagle
- version/suse linux enterprise desktop with beagle/10-sp4
- version/suse linux enterprise desktop with beagle/11-sp2
- canonical/suse linux enterprise server
- version/suse linux enterprise server/10-sp2
- version/suse linux enterprise server/10-sp3
- version/suse linux enterprise server/10-sp4
- version/suse linux enterprise server/11-sp1
- version/suse linux enterprise server/11-sp2
- canonical/suse linux enterprise server vmware
- version/suse linux enterprise server vmware/11-sp2
- canonical/suse linux enterprise software development kit
- version/suse linux enterprise software development kit/10-sp4
- version/suse linux enterprise software development kit/11-sp2
- vendor/redhat
- canonical/red hat enterprise virtualization
- version/red hat enterprise virtualization/3.0
- canonical/red hat enterprise linux
- version/red hat enterprise linux/6.0
- version/red hat enterprise virtualization/5.0
- version/red hat enterprise virtualization/6.0
- canonical/redhat enterprise linux desktop
- version/redhat enterprise linux desktop/5.0
- version/redhat enterprise linux desktop/6.0
- canonical/redhat enterprise linux eus
- version/redhat enterprise linux eus/6.3
- canonical/redhat enterprise linux server
- version/redhat enterprise linux server/5.0
- version/redhat enterprise linux server/6.0
- canonical/redhat enterprise linux workstation
- version/redhat enterprise linux workstation/5.0
- version/redhat enterprise linux workstation/6.0
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/6.0
- version/debian gnu/linux/7.0
- vendor/canonical
- canonical/ubuntu linux
- version/ubuntu linux/10.04
- version/ubuntu linux/11.04
- version/ubuntu linux/11.10
- version/ubuntu linux/12.04