Vulnerability DatabaseCVE-2012-3515
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2012-3515
November 23, 2012
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Related Resources (44)
https://security-tracker.debian.org/tracker/CVE-2012-3515
http://www.debian.org/security/2012/dsa-2543
http://www.openwall.com/lists/oss-security/2012/09/05/10
http://secunia.com/advisories/50860
http://wiki.xen.org/wiki/Security_Announcements#XSA-17_Qemu_VT100_emulation_vulnerability
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.html
https://access.redhat.com/security/cve/CVE-2012-3515
http://rhn.redhat.com/errata/RHSA-2012-1234.html
http://www.debian.org/security/2012/dsa-2545
http://www.ubuntu.com/usn/USN-1590-1
http://rhn.redhat.com/errata/RHSA-2012-1325.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.html
http://lists.opensuse.org/opensuse-updates/2012-09/msg00051.html
http://secunia.com/advisories/50913
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.html
http://secunia.com/advisories/50530
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00027.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.html
http://secunia.com/advisories/50632
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00026.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.html
https://people.canonical.com/~ubuntu-security/cve/CVE-2012-3515
http://secunia.com/advisories/50528
http://www.securityfocus.com/bid/55413
http://secunia.com/advisories/55082
http://rhn.redhat.com/errata/RHSA-2012-1262.html
http://git.qemu.org/?p=qemu-stable-0.15.git%3Ba=log
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.html
http://secunia.com/advisories/50689
http://rhn.redhat.com/errata/RHSA-2012-1236.html
http://secunia.com/advisories/51413
http://support.citrix.com/article/CTX134708
http://security.gentoo.org/glsa/glsa-201309-24.xml
http://rhn.redhat.com/errata/RHSA-2012-1233.html
http://rhn.redhat.com/errata/RHSA-2012-1235.html
http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.html
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.html
http://secunia.com/advisories/50472
http://lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.html
https://security.gentoo.org/glsa/201604-03
http://lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.html
Do you need more information?
Contact Us
CVSS v4
Base Score:
8.6
Attack Vector
LOCAL
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
HIGH
Vulnerable System Integrity
HIGH
Vulnerable System Availability
HIGH
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
8.4
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH
CVSS v2
Base Score:
7.2
Access Vector
LOCAL
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
Weakness Type (CWE)
Improper Input Validation
CWE-20
EPSS
Base Score:
0.12