Local OS Guest User Privilege Escalation in Qemu by Device Emulation
CVE-2012-3515

Currently unrated

Key Information:

Vendor

Xen Project
Status
Xen
Qemu
Vendor
CVE Published:
23 November 2012

What is CVE-2012-3515?

The Qemu virtualization software, used in Xen versions 4.0 and 4.1, contains a vulnerability that allows attackers with local access to the OS guest to escalate their privileges. This is achieved through a specially crafted escape VT100 sequence that can lead to the overwrite of the device model's address space during device emulation. Such an exploitation could allow an attacker to gain elevated privileges within the guest environment, posing serious risks to the integrity and security of the system. Users are urged to review their configurations and implement the necessary patches provided by the vendor to mitigate this potential threat.

References

http://secunia.com/advisories/55082
third-party-advisoryx_refsource_SECUNIA
http://secunia.com/advisories/50528
third-party-advisoryx_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-1234.html
vendor-advisoryx_refsource_REDHAT

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.