CVE-2012-3515

Priority
Medium
Description
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating
certain devices with a virtual console backend, allows local OS guest users
to gain privileges via a crafted escape VT100 sequence that triggers the
overwrite of a "device model's address space."
References
Bugs
Notes
kees> for full-virtualization issues, add qemu (and kvm)
mdeslaur> This is XSA-17
mdeslaur> Also affects qemu-kvm
jdstrand> xen-qemu-dm-4.0 needs libxen-dev >= 4.0, but it isn't available in
11.04, as a result, there are no binaries available in 11.04.
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Source: xen (LP Ubuntu Debian)
Upstream:released (4.1.3-2)
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):released (4.1.2-2ubuntu2.4)
Ubuntu 12.10 (Quantal Quetzal):not-affected (4.1.3-3ubuntu1)
Ubuntu 13.10 (Saucy Salamander):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):released (0.12.3+noroms-0ubuntu9.20)
Ubuntu 12.04 LTS (Precise Pangolin):released (1.0+noroms-0ubuntu14.2)
Ubuntu 12.10 (Quantal Quetzal):not-affected (1.2.0+noroms-0ubuntu2)
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Patches:
Upstream:http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=3eea5498ca501922520b3447ba94815bfc109743
Package
Upstream:needs-triage
Ubuntu 10.04 LTS (Lucid Lynx):DNE
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 12.10 (Quantal Quetzal):DNE
Ubuntu 13.10 (Saucy Salamander):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Patches:
Vendor:http://www.debian.org/security/2012/dsa-2543
More Information

Valid XHTML 1.0 Strict

Updated: 2014-02-20 14:14:46 UTC (commit 7761)