{
  "threat_severity" : "Important",
  "public_date" : "2012-09-05T00:00:00Z",
  "bugzilla" : {
    "description" : "qemu: VT100 emulation vulnerability",
    "id" : "851252",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=851252"
  },
  "cvss" : {
    "cvss_base_score" : "7.4",
    "cvss_scoring_vector" : "AV:A/AC:M/Au:S/C:C/I:C/A:C",
    "status" : "verified"
  },
  "cwe" : "CWE-839->CWE-119",
  "details" : [ "Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a \"device model's address space.\"" ],
  "statement" : "This issue did affect the versions of xen package as shipped with Red Hat\nEnterprise Linux 5.\nThis issue did affect the versions of kvm package as shipped with Red Hat\nEnterprise Linux 5.\nThis issue did affect the versions of qemu-kvm package as shipped with Red Hat\nEnterprise Linux 6.",
  "acknowledgement" : "Red Hat would like to thank Xen project for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-09-05T00:00:00Z",
    "advisory" : "RHSA-2012:1235",
    "cpe" : "cpe:/a:redhat:rhel_virtualization:5",
    "package" : "kvm-0:83-249.el5_8.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 5",
    "release_date" : "2012-09-05T00:00:00Z",
    "advisory" : "RHSA-2012:1236",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5",
    "package" : "xen-0:3.0.3-135.el5_8.5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "release_date" : "2012-09-05T00:00:00Z",
    "advisory" : "RHSA-2012:1234",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6",
    "package" : "qemu-kvm-2:0.12.1.2-2.295.el6_3.2"
  }, {
    "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6",
    "release_date" : "2012-09-05T00:00:00Z",
    "advisory" : "RHSA-2012:1233",
    "cpe" : "cpe:/a:redhat:enterprise_linux:6::hypervisor",
    "package" : "qemu-kvm-rhev-2:0.12.1.2-2.295.el6_3.2"
  }, {
    "product_name" : "RHEV 3.X Hypervisor and Agents for RHEL-6",
    "release_date" : "2012-10-02T00:00:00Z",
    "advisory" : "RHSA-2012:1325",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6::hypervisor",
    "package" : "rhev-hypervisor6-0:6.3-20120926.0.el6_3"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Affected",
    "package_name" : "kvm",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2012-3515\nhttps://nvd.nist.gov/vuln/detail/CVE-2012-3515" ],
  "name" : "CVE-2012-3515",
  "csaw" : false
}