Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2015-3214

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

Published

2015-08-31T10:59:07.580

Last Modified

2025-04-12T10:46:40.837

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 6.9 (MEDIUM)

CVSSv2 Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

3.4

Impact Score

10.0

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	qemu	qemu	≤ 2.3.0	Yes
Operating System	linux	linux_kernel	≤ 2.6.32	Yes
Operating System	arista	eos	4.12	Yes
Operating System	arista	eos	4.13	Yes
Operating System	arista	eos	4.14	Yes
Operating System	arista	eos	4.15	Yes
Operating System	debian	debian_linux	7.0	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	lenovo	emc_px12-400r_ivx	< 1.0.10.33264	Yes
Operating System	lenovo	emc_px12-450r_ivx	< 1.0.10.33264	Yes
Application	redhat	openstack	5.0	Yes
Application	redhat	openstack	6.0	Yes
Application	redhat	virtualization	3.0	Yes
Operating System	redhat	enterprise_linux_compute_node_eus	7.1	Yes
Operating System	redhat	enterprise_linux_compute_node_eus	7.2	Yes
Operating System	redhat	enterprise_linux_compute_node_eus	7.3	Yes
Operating System	redhat	enterprise_linux_compute_node_eus	7.4	Yes
Operating System	redhat	enterprise_linux_compute_node_eus	7.5	Yes
Operating System	redhat	enterprise_linux_compute_node_eus	7.6	Yes
Operating System	redhat	enterprise_linux_compute_node_eus	7.7	Yes
Operating System	redhat	enterprise_linux_for_power_big_endian	7.0	Yes
Operating System	redhat	enterprise_linux_for_power_big_endian_eus	7.1_ppc64	Yes
Operating System	redhat	enterprise_linux_for_power_big_endian_eus	7.2_ppc64	Yes
Operating System	redhat	enterprise_linux_for_power_big_endian_eus	7.3_ppc64	Yes
Operating System	redhat	enterprise_linux_for_power_big_endian_eus	7.4_ppc64	Yes
Operating System	redhat	enterprise_linux_for_power_big_endian_eus	7.5_ppc64	Yes
Operating System	redhat	enterprise_linux_for_power_big_endian_eus	7.6_ppc64	Yes
Operating System	redhat	enterprise_linux_for_power_big_endian_eus	7.7_ppc64	Yes
Operating System	redhat	enterprise_linux_for_scientific_computing	7.0	Yes
Operating System	redhat	enterprise_linux_server	7.0	Yes
Operating System	redhat	enterprise_linux_server_aus	7.3	Yes
Operating System	redhat	enterprise_linux_server_aus	7.4	Yes
Operating System	redhat	enterprise_linux_server_aus	7.6	Yes
Operating System	redhat	enterprise_linux_server_aus	7.7	Yes
Operating System	redhat	enterprise_linux_server_eus	7.1	Yes
Operating System	redhat	enterprise_linux_server_eus	7.2	Yes
Operating System	redhat	enterprise_linux_server_eus	7.3	Yes
Operating System	redhat	enterprise_linux_server_eus	7.4	Yes
Operating System	redhat	enterprise_linux_server_eus	7.5	Yes
Operating System	redhat	enterprise_linux_server_eus	7.6	Yes
Operating System	redhat	enterprise_linux_server_eus	7.7	Yes
Operating System	redhat	enterprise_linux_server_from_rhui	7.0	Yes
Operating System	redhat	enterprise_linux_server_tus	7.3	Yes
Operating System	redhat	enterprise_linux_server_tus	7.6	Yes
Operating System	redhat	enterprise_linux_server_tus	7.7	Yes
Operating System	redhat	enterprise_linux_server_update_services_for_sap_solutions	7.2	Yes
Operating System	redhat	enterprise_linux_server_update_services_for_sap_solutions	7.3	Yes
Operating System	redhat	enterprise_linux_server_update_services_for_sap_solutions	7.4	Yes
Operating System	redhat	enterprise_linux_server_update_services_for_sap_solutions	7.6	Yes
Operating System	redhat	enterprise_linux_server_update_services_for_sap_solutions	7.7	Yes
Operating System	redhat	enterprise_linux_workstation	7.0	Yes

References

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 Patch, Vendor Advisory ([email protected])
http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33 Broken Link, Vendor Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1507.html Issue Tracking, Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1508.html Issue Tracking, Third Party Advisory ([email protected])
http://rhn.redhat.com/errata/RHSA-2015-1512.html Third Party Advisory ([email protected])
http://www.debian.org/security/2015/dsa-3348 Issue Tracking, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2015/06/25/7 Mailing List ([email protected])
http://www.securityfocus.com/bid/75273 Third Party Advisory, VDB Entry ([email protected])
http://www.securitytracker.com/id/1032598 Third Party Advisory, VDB Entry ([email protected])
https://bugzilla.redhat.com/show_bug.cgi?id=1229640 Issue Tracking ([email protected])
https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924 Patch, Third Party Advisory ([email protected])
https://security.gentoo.org/glsa/201510-02 Issue Tracking, Third Party Advisory ([email protected])
https://support.lenovo.com/product_security/qemu Third Party Advisory ([email protected])
https://support.lenovo.com/us/en/product_security/qemu Third Party Advisory ([email protected])
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 Third Party Advisory ([email protected])
https://www.exploit-db.com/exploits/37990/ Third Party Advisory, VDB Entry ([email protected])
https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html ([email protected])
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33 Broken Link, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1507.html Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1508.html Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://rhn.redhat.com/errata/RHSA-2015-1512.html Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.debian.org/security/2015/dsa-3348 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2015/06/25/7 Mailing List (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/75273 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
http://www.securitytracker.com/id/1032598 Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://bugzilla.redhat.com/show_bug.cgi?id=1229640 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/201510-02 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.lenovo.com/product_security/qemu Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.lenovo.com/us/en/product_security/qemu Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.exploit-db.com/exploits/37990/ Third Party Advisory, VDB Entry (af854a3a-2127-422b-91ae-364da2661108)
https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html (af854a3a-2127-422b-91ae-364da2661108)