CVE-2015-3214

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

CVSS v2.0 6.9 MEDIUM

6.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924	Patch Vendor Advisory
http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33	Broken Link Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1507.html	Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1508.html	Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1512.html	Third Party Advisory
http://www.debian.org/security/2015/dsa-3348	Issue Tracking Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/06/25/7	Mailing List
http://www.securityfocus.com/bid/75273	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032598	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1229640	Issue Tracking
https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924	Patch Third Party Advisory
https://security.gentoo.org/glsa/201510-02	Issue Tracking Third Party Advisory
https://support.lenovo.com/product_security/qemu	Third Party Advisory
https://support.lenovo.com/us/en/product_security/qemu	Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13	Third Party Advisory
https://www.exploit-db.com/exploits/37990/	Third Party Advisory VDB Entry
https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924	Patch Vendor Advisory
http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33	Broken Link Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1507.html	Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1508.html	Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1512.html	Third Party Advisory
http://www.debian.org/security/2015/dsa-3348	Issue Tracking Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/06/25/7	Mailing List
http://www.securityfocus.com/bid/75273	Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032598	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1229640	Issue Tracking
https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924	Patch Third Party Advisory
https://security.gentoo.org/glsa/201510-02	Issue Tracking Third Party Advisory
https://support.lenovo.com/product_security/qemu	Third Party Advisory
https://support.lenovo.com/us/en/product_security/qemu	Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13	Third Party Advisory
https://www.exploit-db.com/exploits/37990/	Third Party Advisory VDB Entry
https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:qemu:qemu::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 (hide)

OR	cpe:2.3:o:arista:eos:4.12:::::::*
	cpe:2.3:o:arista:eos:4.13:::::::*
	cpe:2.3:o:arista:eos:4.14:::::::*
	cpe:2.3:o:arista:eos:4.15:::::::*

Configuration 3 (hide)

OR	cpe:2.3:o:debian:debian_linux:7.0:::::::*
	cpe:2.3:o:debian:debian_linux:8.0:::::::*

Configuration 4 (hide)

OR	cpe:2.3:o:lenovo:emc_px12-400r_ivx::::::::
	cpe:2.3:o:lenovo:emc_px12-450r_ivx::::::::

Configuration 5 (hide)

OR	cpe:2.3:a:redhat:openstack:5.0:::::::*
	cpe:2.3:a:redhat:openstack:6.0:::::::*
	cpe:2.3:a:redhat:virtualization:3.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.1_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.2:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.3:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:::::::*
	cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:::::::*
	cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:::::::*

History

21 Nov 2024, 02:28

20 Feb 2022, 05:55

26 Jan 2022, 14:15

Type	Values Removed	Values Added
References		(MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 -

Information

Published : 2015-08-31 10:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-3214

Mitre link : CVE-2015-3214

CVE.ORG link : CVE-2015-3214

JSON object : View

Products Affected

qemu

qemu

arista

redhat

enterprise_linux_server_eus
enterprise_linux_workstation
enterprise_linux_server
openstack
virtualization
enterprise_linux_for_power_big_endian_eus
enterprise_linux_server_from_rhui
enterprise_linux_server_tus
enterprise_linux_server_update_services_for_sap_solutions
enterprise_linux_for_scientific_computing
enterprise_linux_for_power_big_endian
enterprise_linux_server_aus
enterprise_linux_compute_node_eus

linux

linux_kernel

debian

debian_linux

lenovo

emc_px12-450r_ivx
emc_px12-400r_ivx

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

6.9 /10