CVE-2015-2666

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 27-05-2015 12:59

Last modified: - 21-09-2022 08:44

Total changes: - 2

Description

Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:M/Au:N/C:C/I:C/A:C

Low

Attack complexity

Local

Attack vector

High

Availability

High

Confidentiality

High

Integrity

Privileges required

Scope

User interaction

6.9

Base score

3.4

10.0

Exploitability score

Impact score

Verification logic

Reference

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4
https://bugzilla.redhat.com/show_bug.cgi?id=1204722
[oss-security] 20150320 Re: CVE Request: Linux kernel execution in the early microcode loader.-
https://github.com/torvalds/linux/commit/f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4
FEDORA-2015-4457-
RHSA-2015:1534-
1032414-

Keywords

CVE-2015-2666

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2015-2666

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures