CVE-2015-3214
MEDIUM severity · CVSS 6.9 · Memory corruption
Summary
The pit_ioport_read function in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
Impact & exploitability
Attack vector: Local
Attack complexity: —
Privileges required: —
User interaction: —
Confidentiality impact: —
Integrity impact: —
Availability impact: —
Exploit probability (EPSS): 2%
AV:L/AC:M/Au:N/C:C/I:C/A:C
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.
Official patch: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924
Additional information
- NVD record
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 (Patch)
- http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33 (Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1507.html (Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1508.html (Advisory)
- http://rhn.redhat.com/errata/RHSA-2015-1512.html (Advisory)
- http://www.debian.org/security/2015/dsa-3348 (Advisory)
- http://www.openwall.com/lists/oss-security/2015/06/25/7
- http://www.securityfocus.com/bid/75273 (Advisory)