CVE-2015-3214

high

Description

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

References

https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html

https://www.exploit-db.com/exploits/37990/

https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13

https://support.lenovo.com/us/en/product_security/qemu

https://support.lenovo.com/product_security/qemu

https://security.gentoo.org/glsa/201510-02

https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924

https://bugzilla.redhat.com/show_bug.cgi?id=1229640

http://www.securitytracker.com/id/1032598

http://www.securityfocus.com/bid/75273

http://www.openwall.com/lists/oss-security/2015/06/25/7

http://www.debian.org/security/2015/dsa-3348

http://rhn.redhat.com/errata/RHSA-2015-1512.html

http://rhn.redhat.com/errata/RHSA-2015-1508.html

http://rhn.redhat.com/errata/RHSA-2015-1507.html

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924

Details

Source: Mitre, NVD

Published: 2015-08-31

Updated: 2023-02-13

Risk Information

CVSS v2

Base Score: 6.9

Vector: CVSS2#AV:L/AC:M/Au:N/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Severity: High