Versio.io

CVE-2015-3214

Common vulnerabilities & exposures (CVE)

 
Published at: 31-08-2015 12:59
Last modified: 20-02-2022 06:55
Total changes: 3

Description

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

Common Vulnerability Scoring System (CVSS)

AV:L/AC:M/Au:N/C:C/I:C/A:C

Attack complexity: Low
Attack vector: Local
Availability: High
Confidentiality: High
Integrity: High
Privileges required: -
Scope: -
User interaction: -

Base score: 6.9
Exploitability score: 3.4
Impact score: 10.0
 

Verification logic

OR
OR
vendor=qemu AND product=qemu AND versionEndIncluding=2.3.0
vendor=linux AND product=linux_kernel AND versionEndIncluding=2.6.32
OR
vendor=arista AND product=eos AND version=4.12
vendor=arista AND product=eos AND version=4.13
vendor=arista AND product=eos AND version=4.14
vendor=arista AND product=eos AND version=4.15
OR
vendor=Debian AND product=debian_linux AND version=7.0
vendor=Debian AND product=debian_linux AND version=8.0
OR
vendor=lenovo AND product=emc_px12-400r_ivx AND versionEndExcluding=1.0.10.33264
vendor=lenovo AND product=emc_px12-450r_ivx AND versionEndExcluding=1.0.10.33264
OR
vendor=Red Hat Enterprise Linux AND product=openstack AND version=5.0
vendor=Red Hat Enterprise Linux AND product=openstack AND version=6.0
vendor=Red Hat Enterprise Linux AND product=virtualization AND version=3.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_compute_node_eus AND version=7.1
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_compute_node_eus AND version=7.2
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_compute_node_eus AND version=7.3
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_compute_node_eus AND version=7.4
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_compute_node_eus AND version=7.5
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_compute_node_eus AND version=7.6
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_compute_node_eus AND version=7.7
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian AND version=7.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=7.1_ppc64
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=7.2_ppc64
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=7.3_ppc64
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=7.4_ppc64
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=7.5_ppc64
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=7.6_ppc64
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_power_big_endian_eus AND version=7.7_ppc64
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_for_scientific_computing AND version=7.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server AND version=7.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.3
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.4
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.6
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_aus AND version=7.7
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.1
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.2
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.3
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.4
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.5
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.6
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_eus AND version=7.7
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_from_rhui AND version=7.0
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=7.3
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=7.6
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_tus AND version=7.7
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_update_services_for_sap_solutions AND version=7.2
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_update_services_for_sap_solutions AND version=7.3
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_update_services_for_sap_solutions AND version=7.4
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_update_services_for_sap_solutions AND version=7.6
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_server_update_services_for_sap_solutions AND version=7.7
vendor=Red Hat Enterprise Linux AND product=enterprise_linux_workstation AND version=7.0
 


Keywords

NVD, CVE-2015-3214, CVE, Common vulnerabilities & exposures, CVSS, Common vulnerability scoring system, Security, Vulnerabilities, Exposures
