CVE-2012-3515

high

Published 2012-11-23 · Modified 2026-04-29

CVSS v3

—

CVSS v2

7.2

VIR risk

7.2

Description

Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2012-3515

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://www.openwall.com/lists/oss-security/2012/09/05/10

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://wiki.xen.org/wiki/Security_Announcements#XSA-17_Qemu_VT100_emulation_vulnerability

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — http://lists.xen.org/archives/html/xen-announce/2012-09/msg00003.html

OS impact

OS	Version	Status	Fixed in
suse	11.4	affected
suse	12.1	affected
suse	12.2	affected
suse	10	affected
suse	11	affected
rhel	6.0	not-affected
rhel	5.0	affected
rhel	6.3	affected
debian	6.0	affected
debian	7.0	affected
ubuntu	10.04	affected
ubuntu	11.04	affected
ubuntu	11.10	affected
ubuntu	12.04	affected
debian	bookworm	fixed	`1.1.2+dfsg-1`
debian	bullseye	fixed	`1.1.2+dfsg-1`
debian	forky	fixed	`1.1.2+dfsg-1`
debian	sid	fixed	`1.1.2+dfsg-1`
debian	trixie	fixed	`1.1.2+dfsg-1`

Application impact

Vendor	Product	Versions	Fixed
qemu	qemu	`{"endExcluding":"1.2.0"}`	`1.2.0`
redhat	virtualization	`3.0`
redhat	virtualization	`5.0`
redhat	virtualization	`6.0`

References

CWEs

CWE-20

Verify integrity in audit chain (admin only). AS-IS.