CVE-2012-3515

Priority
Medium
Description
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating
certain devices with a virtual console backend, allows local OS guest users
to gain privileges via a crafted escape VT100 sequence that triggers the
overwrite of a "device model's address space."
Notes
 kees> for full-virtualization issues, add qemu (and kvm)
 mdeslaur> This is XSA-17
 mdeslaur> Also affects qemu-kvm
 jdstrand> xen-qemu-dm-4.0 needs libxen-dev >= 4.0, but it isn't available in
  11.04; as a result, there are no binaries available in 11.04.
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Package
Source: xen (LP Ubuntu Debian)
Upstream:released (4.1.3-2)
Ubuntu 12.04 LTS (Precise Pangolin):released (4.1.2-2ubuntu2.4)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (1.0+noroms-0ubuntu14.2)
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Patches:
Upstream:http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=3eea5498ca501922520b3447ba94815bfc109743
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Patches:
Vendor:http://www.debian.org/security/2012/dsa-2543

Updated: 2015-07-29 20:40:51 UTC (commit 9756)