The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Configuration 5 (hide)
|
History
13 Feb 2023, 00:48
Type | Values Removed | Values Added |
---|---|---|
Summary | The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. | |
References |
|
02 Feb 2023, 20:20
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pit_ioport_read() function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare cases, use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. |
20 Feb 2022, 05:55
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat enterprise Linux Compute Node Eus
Debian debian Linux Redhat enterprise Linux Server Redhat enterprise Linux Server Tus Lenovo emc Px12-400r Ivx Redhat enterprise Linux Server Aus Arista Redhat openstack Arista eos Redhat enterprise Linux For Scientific Computing Redhat enterprise Linux For Power Big Endian Lenovo emc Px12-450r Ivx Redhat enterprise Linux Server Update Services For Sap Solutions Redhat enterprise Linux For Power Big Endian Eus Debian Redhat virtualization Redhat enterprise Linux Workstation Redhat enterprise Linux Server From Rhui Lenovo Redhat enterprise Linux Server Eus Redhat |
|
CPE | cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:* cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.5:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:* cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.7:*:*:*:*:*:*:* cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:* cpe:2.3:o:lenovo:emc_px12-450r_ivx:*:*:*:*:*:*:*:* cpe:2.3:o:lenovo:emc_px12-400r_ivx:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.3:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:* cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.1_ppc64:*:*:*:*:*:*:* |
|
References | (MLIST) https://www.mail-archive.com/qemu-devel@nongnu.org/msg304138.html - Mailing List, Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1508.html - Issue Tracking, Third Party Advisory | |
References | (CONFIRM) https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924 - Patch, Third Party Advisory | |
References | (CONFIRM) https://support.lenovo.com/us/en/product_security/qemu - Third Party Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1507.html - Issue Tracking, Third Party Advisory | |
References | (BID) http://www.securityfocus.com/bid/75273 - Third Party Advisory, VDB Entry | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2015/06/25/7 - Mailing List | |
References | (SECTRACK) http://www.securitytracker.com/id/1032598 - Third Party Advisory, VDB Entry | |
References | (DEBIAN) http://www.debian.org/security/2015/dsa-3348 - Issue Tracking, Third Party Advisory | |
References | (CONFIRM) http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33 - Broken Link, Vendor Advisory | |
References | (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1512.html - Third Party Advisory | |
References | (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 - Third Party Advisory | |
References | (CONFIRM) http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 - Patch, Vendor Advisory | |
References | (EXPLOIT-DB) https://www.exploit-db.com/exploits/37990/ - Third Party Advisory, VDB Entry | |
References | (CONFIRM) https://support.lenovo.com/product_security/qemu - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201510-02 - Issue Tracking, Third Party Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1229640 - Issue Tracking |
26 Jan 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2015-08-31 10:59
Updated : 2023-12-10 11:46
NVD link : CVE-2015-3214
Mitre link : CVE-2015-3214
CVE.ORG link : CVE-2015-3214
JSON object : View
Products Affected
redhat
- enterprise_linux_server
- enterprise_linux_server_tus
- enterprise_linux_workstation
- enterprise_linux_server_eus
- openstack
- enterprise_linux_compute_node_eus
- enterprise_linux_for_power_big_endian_eus
- enterprise_linux_for_scientific_computing
- enterprise_linux_server_aus
- enterprise_linux_server_update_services_for_sap_solutions
- enterprise_linux_server_from_rhui
- enterprise_linux_for_power_big_endian
- virtualization
arista
- eos
linux
- linux_kernel
lenovo
- emc_px12-400r_ivx
- emc_px12-450r_ivx
debian
- debian_linux
qemu
- qemu
CWE
CWE-119
Improper Restriction of Operations within the Bounds of a Memory Buffer