CVE-2015-3214

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-3214
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

6.9 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 3.4 / Impact : 10.0

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 Patch Vendor Advisory
http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33 Broken Link Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2015-1507.html Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1508.html Issue Tracking Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1512.html Third Party Advisory
http://www.debian.org/security/2015/dsa-3348 Issue Tracking Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/06/25/7 Mailing List
http://www.securityfocus.com/bid/75273 Third Party Advisory VDB Entry
http://www.securitytracker.com/id/1032598 Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1229640 Issue Tracking
https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924 Patch Third Party Advisory
https://security.gentoo.org/glsa/201510-02 Issue Tracking Third Party Advisory
https://support.lenovo.com/product_security/qemu Third Party Advisory
https://support.lenovo.com/us/en/product_security/qemu Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 Third Party Advisory
https://www.exploit-db.com/exploits/37990/ Third Party Advisory VDB Entry
https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

Configuration 4 (hide)

OR cpe:2.3:o:lenovo:emc_px12-400r_ivx:*:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:emc_px12-450r_ivx:*:*:*:*:*:*:*:*

Configuration 5 (hide)

OR cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.1_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
History

13 Feb 2023, 00:48

Type Values Removed Values Added
Summary An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pit_ioport_read() function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare cases, use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process. The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
References
  • {'url': 'https://access.redhat.com/security/cve/CVE-2015-3214', 'name': 'https://access.redhat.com/security/cve/CVE-2015-3214', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:1508', 'name': 'https://access.redhat.com/errata/RHSA-2015:1508', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:1512', 'name': 'https://access.redhat.com/errata/RHSA-2015:1512', 'tags': [], 'refsource': 'MISC'}
  • {'url': 'https://access.redhat.com/errata/RHSA-2015:1507', 'name': 'https://access.redhat.com/errata/RHSA-2015:1507', 'tags': [], 'refsource': 'MISC'}

02 Feb 2023, 20:20

Type Values Removed Values Added
References
  • {'url': 'https://www.mail-archive.com/qemu-devel@nongnu.org/msg304138.html', 'name': '[qemu-devel] 20150617 Re: [PATCH] i8254: fix out-of-bounds memory access in pit_ioport_read()', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'MLIST'}
  • (MISC) https://access.redhat.com/errata/RHSA-2015:1508 -
  • (MISC) https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:1507 -
  • (MISC) https://access.redhat.com/security/cve/CVE-2015-3214 -
  • (MISC) https://access.redhat.com/errata/RHSA-2015:1512 -
Summary The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pit_ioport_read() function. A privileged guest user in a QEMU guest, which had QEMU PIT emulation enabled, could potentially, in rare cases, use this flaw to execute arbitrary code on the host with the privileges of the hosting QEMU process.

20 Feb 2022, 05:55

Type Values Removed Values Added
First Time Redhat enterprise Linux Compute Node Eus
Debian debian Linux
Redhat enterprise Linux Server
Redhat enterprise Linux Server Tus
Lenovo emc Px12-400r Ivx
Redhat enterprise Linux Server Aus
Arista
Redhat openstack
Arista eos
Redhat enterprise Linux For Scientific Computing
Redhat enterprise Linux For Power Big Endian
Lenovo emc Px12-450r Ivx
Redhat enterprise Linux Server Update Services For Sap Solutions
Redhat enterprise Linux For Power Big Endian Eus
Debian
Redhat virtualization
Redhat enterprise Linux Workstation
Redhat enterprise Linux Server From Rhui
Lenovo
Redhat enterprise Linux Server Eus
Redhat
CPE cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.7:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:emc_px12-450r_ivx:*:*:*:*:*:*:*:*
cpe:2.3:o:lenovo:emc_px12-400r_ivx:*:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*
cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.1_ppc64:*:*:*:*:*:*:*
References (MLIST) https://www.mail-archive.com/qemu-devel@nongnu.org/msg304138.html - (MLIST) https://www.mail-archive.com/qemu-devel@nongnu.org/msg304138.html - Mailing List, Third Party Advisory
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1508.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1508.html - Issue Tracking, Third Party Advisory
References (CONFIRM) https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924 - (CONFIRM) https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924 - Patch, Third Party Advisory
References (CONFIRM) https://support.lenovo.com/us/en/product_security/qemu - (CONFIRM) https://support.lenovo.com/us/en/product_security/qemu - Third Party Advisory
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1507.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1507.html - Issue Tracking, Third Party Advisory
References (BID) http://www.securityfocus.com/bid/75273 - (BID) http://www.securityfocus.com/bid/75273 - Third Party Advisory, VDB Entry
References (MLIST) http://www.openwall.com/lists/oss-security/2015/06/25/7 - (MLIST) http://www.openwall.com/lists/oss-security/2015/06/25/7 - Mailing List
References (SECTRACK) http://www.securitytracker.com/id/1032598 - (SECTRACK) http://www.securitytracker.com/id/1032598 - Third Party Advisory, VDB Entry
References (DEBIAN) http://www.debian.org/security/2015/dsa-3348 - (DEBIAN) http://www.debian.org/security/2015/dsa-3348 - Issue Tracking, Third Party Advisory
References (CONFIRM) http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33 - (CONFIRM) http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33 - Broken Link, Vendor Advisory
References (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1512.html - (REDHAT) http://rhn.redhat.com/errata/RHSA-2015-1512.html - Third Party Advisory
References (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 - (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 - Third Party Advisory
References (CONFIRM) http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 - (CONFIRM) http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 - Patch, Vendor Advisory
References (EXPLOIT-DB) https://www.exploit-db.com/exploits/37990/ - (EXPLOIT-DB) https://www.exploit-db.com/exploits/37990/ - Third Party Advisory, VDB Entry
References (CONFIRM) https://support.lenovo.com/product_security/qemu - (CONFIRM) https://support.lenovo.com/product_security/qemu - Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/201510-02 - (GENTOO) https://security.gentoo.org/glsa/201510-02 - Issue Tracking, Third Party Advisory
References (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1229640 - (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=1229640 - Issue Tracking

26 Jan 2022, 14:15

Type Values Removed Values Added
References
  • (MISC) https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13 -
Information

Published : 2015-08-31 10:59

Updated : 2023-12-10 11:46

NVD link : CVE-2015-3214

Mitre link : CVE-2015-3214

CVE.ORG link : CVE-2015-3214

JSON object : View

Products Affected

redhat

  • enterprise_linux_server
  • enterprise_linux_server_tus
  • enterprise_linux_workstation
  • enterprise_linux_server_eus
  • openstack
  • enterprise_linux_compute_node_eus
  • enterprise_linux_for_power_big_endian_eus
  • enterprise_linux_for_scientific_computing
  • enterprise_linux_server_aus
  • enterprise_linux_server_update_services_for_sap_solutions
  • enterprise_linux_server_from_rhui
  • enterprise_linux_for_power_big_endian
  • virtualization

arista

  • eos

linux

  • linux_kernel

lenovo

  • emc_px12-400r_ivx
  • emc_px12-450r_ivx

debian

  • debian_linux

qemu

  • qemu
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer