DSA-2542-1 qemu-kvm -- multipleID: oval:org.secpod.oval:def:600882 | Date: (C)2012-09-13 (M)2023-02-20 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been discovered in qemu-kvm, a full virtualization solution on x86 hardware. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2012-2652: The snapshot mode of Qemu incorrectly handles temporary files used to store the current state, making it vulnerable to symlink attacks due to a race condition. CVE-2012-3515: Qemu does not properly handle VT100 escape sequences when emulating certain devices with a virtual console backend. An attacker within a guest with access to the vulnerable virtual console could overwrite memory of Qemu and escalate privileges to that of the qemu process.