PT-2012-4779 · Xen+3 · Qemu+3

Publicado

2012-09-05

Atualizado

2024-06-15

CVE-2012-3515

CVSS v2.0

7.2

Alta

Vetor

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Qemu versions as used in Xen 4.0, 4.1

Description The issue allows local OS guest users to gain privileges through a crafted escape VT100 sequence. This sequence triggers the overwrite of a device model's address space when emulating certain devices with a virtual console backend.

Recommendations For Qemu as used in Xen 4.0, 4.1, consider disabling the virtual console backend for certain devices until a patch is available. Restrict access to the device model to minimize the risk of exploitation. Avoid using the virtual console backend for sensitive operations until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CESA-2012_1234

CVE-2012-3515

DSA-2542-1

DSA-2543-1

DSA-2545-1

OPENSUSE-SU-2012_1170-1

OPENSUSE-SU-2012_1172-1

OPENSUSE-SU-2012_1174-1

OPENSUSE-SU-2012_1572-1

OPENSUSE-SU-2012_1573-1

OPENSUSE-SU-2024:10233-1

OPENSUSE-SU-2024:10285-1

RHSA-2012:1233

RHSA-2012:1234

RHSA-2012:1235

RHSA-2012:1236

RHSA-2012:1325

RHSA-2012_1234

RHSA-2012_1235

RHSA-2012_1236

SUSE-SU-2012_1203-1

SUSE-SU-2012_1203-2

SUSE-SU-2012_1205-1

SUSE-SU-2015:0929-1

SUSE-SU-2015:0943-1

Produtos afetados

Centos

Qemu

Red Hat

Suse

PT-2012-4779 · Xen+3 · Qemu+3

CVE-2012-3515

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 170