CVE-2012-3515
xen-qemu-dm-4.0 - multiple
EPSS 0.10%
Description
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
How to fix CVE-2012-3515
To remediate CVE-2012-3515, upgrade each affected package to the fixed version listed below or later.
- Debian/qemu—upgrade to 1.1.2+dfsg-1 or later
- Debian/xen—upgrade to 4.1.3-2 or later
- Debian/xen-qemu-dm-4.0—upgrade to 4.0.1-2+squeeze2 or later
Is CVE-2012-3515 being exploited?
Low: the EPSS score is 0.1%, a low estimated likelihood of exploitation, and exploitation activity has not been observed at scale.
Affected packages (3)
- Debian/qemu: from 0, < 1.1.2+dfsg-1
- Debian/xen: from 0, < 4.1.3-2
- Debian/xen-qemu-dm-4.0: from 0, < 4.0.1-2+squeeze2