CVE-2012-3515

Common Vulnerabilities and Exposures

Upstream information

CVE-2012-3515 at MITRE

Description

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."

NVD CVSS v2 Base Score: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 777084

SUSE Security Advisories:

SUSE-SU-2012:1129-1, published Thu, 6 Sep 2012 22:08:33 +0200 (CEST)
SUSE-SU-2012:1132-1, published Fri, 7 Sep 2012 15:08:36 +0200 (CEST)
SUSE-SU-2012:1133-1, published Fri, 7 Sep 2012 16:08:25 +0200 (CEST)
SUSE-SU-2012:1135-1, published Fri, 7 Sep 2012 20:08:40 +0200 (CEST)
SUSE-SU-2012:1162-1, published Thu, 13 Sep 2012 22:08:30 +0200 (CEST)
SUSE-SU-2012:1202-1, published Tue, 18 Sep 2012 15:08:34 +0200 (CEST)
SUSE-SU-2012:1203-1, published Tue, 18 Sep 2012 15:08:37 +0200 (CEST)
SUSE-SU-2012:1203-2, published Thu, 25 Oct 2012 00:09:21 +0200 (CEST)
SUSE-SU-2012:1205-1, published Tue, 18 Sep 2012 15:08:40 +0200 (CEST)
SUSE-SU-2012:1320-1, published Tue, 9 Oct 2012 21:08:49 +0200 (CEST)
openSUSE-SU-2012:1153-1, published Wed, 12 Sep 2012 17:08:31 +0200 (CEST)
openSUSE-SU-2012:1170-1, published Fri, 14 Sep 2012 14:08:59 +0200 (CEST)
openSUSE-SU-2012:1172-1, published Fri, 14 Sep 2012 14:09:32 +0200 (CEST)
openSUSE-SU-2012:1174-1, published Fri, 14 Sep 2012 14:12:18 +0200 (CEST)
openSUSE-SU-2012:1176-1, published Fri, 14 Sep 2012 14:14:04 +0200 (CEST)
openSUSE-SU-2012:1572-1, published Mon, 26 Nov 2012 15:08:36 +0100 (CET)
openSUSE-SU-2012:1573-1, published Mon, 26 Nov 2012 15:13:15 +0100 (CET)

List of released packages

Product(s)	Fixed package version(s)	References
SLE SDK 10 SP4 for IPF SLE SDK 10 SP4 for X86-64 SLE SDK 10 SP4 for x86	`qemu >= 0.8.2-37.14.1`	sle10-sp4-sdk.x86-64 sle10-sp4-sdk.x86 sle10-sp4-sdk.x86-64 sle10-sp4-sdk.x86 sle10-sp4-sdk.ia64 sle10-sp4-sdk.ia64 ZYPP Patch Nr: 8336
SLE 11 SP2 DEBUGINFO	`qemu-debuginfo >= 0.10.1-0.5.7.1` `qemu-debugsource >= 0.10.1-0.5.7.1`	sle11-sp2-sdk.x86-64 slepos11-sp2.x86-64 sle11-sp2-sdk.x86 slepos11-sp2.x86 SAT Patch Nr: 6765
SUSE Linux Enterprise Point of Service 11 SP2 SUSE Linux Enterprise Software Development Kit 11 SP2	`qemu >= 0.10.1-0.5.7.1`	sle11-sp2-sdk.x86-64 slepos11-sp2.x86-64 sle11-sp2-sdk.x86 slepos11-sp2.x86 SAT Patch Nr: 6765
SLE 11 SP1 DEBUGINFO	`xen-debuginfo >= 4.0.3_21548_10-0.5.1` `xen-debugsource >= 4.0.3_21548_10-0.5.1`	Builds SAT Patch Nr: 6746
SUSE Linux Enterprise Server 11 SP1 LTSS	`xen >= 4.0.3_21548_10-0.5.1` `xen-doc-html >= 4.0.3_21548_10-0.5.1` `xen-doc-pdf >= 4.0.3_21548_10-0.5.1` `xen-kmp-default >= 4.0.3_21548_10_2.6.32.59_0.7-0.5.1` `xen-kmp-pae >= 4.0.3_21548_10_2.6.32.59_0.7-0.5.1` `xen-kmp-trace >= 4.0.3_21548_10_2.6.32.59_0.7-0.5.1` `xen-libs >= 4.0.3_21548_10-0.5.1` `xen-tools >= 4.0.3_21548_10-0.5.1` `xen-tools-domU >= 4.0.3_21548_10-0.5.1`	Builds SAT Patch Nr: 6746
SUSE Linux Enterprise Server 11 SP1 LTSS	`xen >= 4.0.3_21548_10-0.5.1` `xen-doc-html >= 4.0.3_21548_10-0.5.1` `xen-doc-pdf >= 4.0.3_21548_10-0.5.1` `xen-kmp-default >= 4.0.3_21548_10_2.6.32.59_0.7-0.5.1` `xen-kmp-trace >= 4.0.3_21548_10_2.6.32.59_0.7-0.5.1` `xen-libs >= 4.0.3_21548_10-0.5.1` `xen-tools >= 4.0.3_21548_10-0.5.1` `xen-tools-domU >= 4.0.3_21548_10-0.5.1`	Builds SAT Patch Nr: 6746
SUSE Linux Enterprise 10 SP2 DEBUGINFO for AMD64 and Intel EM64T SUSE Linux Enterprise 10 SP2 DEBUGINFO for x86	`xen-debuginfo >= 3.2.0_16718_26-0.10.1`	sles10-sp2-debuginfo.x86 sles10-sp2-ltss.x86 sles10-sp2-debuginfo.x86-64 sles10-sp2-ltss.x86-64 ZYPP Patch Nr: 8260
SUSE Linux Enterprise Server 10 SP2 for x86	`xen >= 3.2.0_16718_26-0.10.1` `xen-devel >= 3.2.0_16718_26-0.10.1` `xen-doc-html >= 3.2.0_16718_26-0.10.1` `xen-doc-pdf >= 3.2.0_16718_26-0.10.1` `xen-doc-ps >= 3.2.0_16718_26-0.10.1` `xen-kmp-bigsmp >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1` `xen-kmp-debug >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1` `xen-kmp-default >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1` `xen-kmp-kdump >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1` `xen-kmp-smp >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1` `xen-libs >= 3.2.0_16718_26-0.10.1` `xen-tools >= 3.2.0_16718_26-0.10.1` `xen-tools-domU >= 3.2.0_16718_26-0.10.1` `xen-tools-ioemu >= 3.2.0_16718_26-0.10.1`	sles10-sp2-debuginfo.x86 sles10-sp2-ltss.x86 sles10-sp2-debuginfo.x86-64 sles10-sp2-ltss.x86-64 ZYPP Patch Nr: 8260
SUSE Linux Enterprise Server 10 SP2 for AMD64 and Intel EM64T	`xen >= 3.2.0_16718_26-0.10.1` `xen-devel >= 3.2.0_16718_26-0.10.1` `xen-doc-html >= 3.2.0_16718_26-0.10.1` `xen-doc-pdf >= 3.2.0_16718_26-0.10.1` `xen-doc-ps >= 3.2.0_16718_26-0.10.1` `xen-kmp-debug >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1` `xen-kmp-default >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1` `xen-kmp-kdump >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1` `xen-kmp-smp >= 3.2.0_16718_26_2.6.16.60_0.42.54.11-0.10.1` `xen-libs >= 3.2.0_16718_26-0.10.1` `xen-libs-32bit >= 3.2.0_16718_26-0.10.1` `xen-tools >= 3.2.0_16718_26-0.10.1` `xen-tools-domU >= 3.2.0_16718_26-0.10.1` `xen-tools-ioemu >= 3.2.0_16718_26-0.10.1`	sles10-sp2-debuginfo.x86 sles10-sp2-ltss.x86 sles10-sp2-debuginfo.x86-64 sles10-sp2-ltss.x86-64 ZYPP Patch Nr: 8260
SUSE Studio Extension for System z 1.2	`kvm >= 0.12.5-1.24.1`	studioonsite1.2.s390x SAT Patch Nr: 6757
SUSE Studio Onsite 1.2 [Appliance - Studio]	`qemu >= 0.10.1-0.5.7.1`	studioonsite1.2.x86-64 SAT Patch Nr: 6852
SLE 11 SP2 DEBUGINFO	`kvm-debuginfo >= 0.15.1-0.23.1` `kvm-debugsource >= 0.15.1-0.23.1`	sles11-sp2.x86 sles11-sp2.x86-64 sled11-sp2.x86 sled11-sp2.x86-64 SAT Patch Nr: 6755
SUSE Linux Enterprise Desktop 11 SP2 SUSE Linux Enterprise Server 11 SP2	`kvm >= 0.15.1-0.23.1`	sles11-sp2.x86 sles11-sp2.x86-64 sled11-sp2.x86 sled11-sp2.x86-64 SAT Patch Nr: 6755

Products

Products By Category

Collaboration

Endpoint Management

File & Networking Services

Services & Support

Help Yourself

Let Us Help

Download

IT Consulting

Technical Training

Customer Center

Contribute

Partners

Partner With Novell

PartnerNet

Find a Partner

Developers

Communities

About Novell

How to Buy