Unrated severityNVD Advisory· Published Nov 23, 2012· Updated Apr 29, 2026
CVE-2012-3515
CVE-2012-3515
Description
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Affected products
34cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization:5.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:virtualization:6.0:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:10.04:*:*:*:-:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.04:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*
cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:debian:debian_linux:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_desktop:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_eus:6.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_server:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:redhat:enterprise_linux_workstation:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_desktop:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_desktop:11:sp2:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:suse:linux_enterprise_server:10:sp2:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp3:*:*:ltss:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp1:*:*:ltss:*:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:-:*:*
- cpe:2.3:o:suse:linux_enterprise_server:11:sp2:*:*:*:vmware:*:*
cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:10:sp4:*:*:*:*:*:*
- cpe:2.3:o:suse:linux_enterprise_software_development_kit:11:sp2:*:*:*:*:*:*
- osv-coords2 versionspkg:rpm/opensuse/qemu&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/qemu-linux-user&distro=openSUSE%20Tumbleweed
< 2.6.1-1.5+ 1 more
- (no CPE)range: < 2.6.1-1.5
- (no CPE)range: < 2.6.1-1.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
40- lists.opensuse.org/opensuse-security-announce/2012-09/msg00001.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-09/msg00003.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-09/msg00004.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-09/msg00005.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-09/msg00012.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-09/msg00016.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-09/msg00017.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-09/msg00018.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-09/msg00024.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-09/msg00026.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-09/msg00027.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-10/msg00002.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-11/msg00017.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-security-announce/2012-11/msg00018.htmlnvdMailing ListThird Party Advisory
- lists.opensuse.org/opensuse-updates/2012-09/msg00051.htmlnvdMailing ListThird Party Advisory
- lists.xen.org/archives/html/xen-announce/2012-09/msg00003.htmlnvdMailing ListVendor Advisory
- rhn.redhat.com/errata/RHSA-2012-1233.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2012-1234.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2012-1235.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2012-1236.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2012-1262.htmlnvdThird Party Advisory
- rhn.redhat.com/errata/RHSA-2012-1325.htmlnvdThird Party Advisory
- secunia.com/advisories/50472nvdThird Party Advisory
- secunia.com/advisories/50528nvdThird Party Advisory
- secunia.com/advisories/50530nvdThird Party Advisory
- secunia.com/advisories/50632nvdThird Party Advisory
- secunia.com/advisories/50689nvdThird Party Advisory
- secunia.com/advisories/50860nvdThird Party Advisory
- secunia.com/advisories/50913nvdThird Party Advisory
- secunia.com/advisories/51413nvdThird Party Advisory
- secunia.com/advisories/55082nvdThird Party Advisory
- security.gentoo.org/glsa/glsa-201309-24.xmlnvdThird Party Advisory
- support.citrix.com/article/CTX134708nvdThird Party Advisory
- wiki.xen.org/wiki/Security_AnnouncementsnvdVendor Advisory
- www.debian.org/security/2012/dsa-2543nvdThird Party Advisory
- www.debian.org/security/2012/dsa-2545nvdThird Party Advisory
- www.openwall.com/lists/oss-security/2012/09/05/10nvdMailing ListMitigationThird Party Advisory
- www.securityfocus.com/bid/55413nvdThird Party AdvisoryVDB Entry
- www.ubuntu.com/usn/USN-1590-1nvdThird Party Advisory
- security.gentoo.org/glsa/201604-03nvdThird Party Advisory
News mentions
0No linked articles in our index yet.