CVE-2015-3214

EPSS 1.47%
Published 31.08.2015 10:59:07
Last modified 12.04.2025 10:46:40
Source secalert@redhat.com
Teams watchlist Login
Open Login

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

Affected products Warnungen 0 Metrics 2 CWE 1 References 20

Data is provided by the National Vulnerability Database (NVD)

Qemu ≫ Qemu Version <= 2.3.0

Linux ≫ Linux Kernel Version <= 2.6.32

Arista ≫ Eos Version4.12

Arista ≫ Eos Version4.13

Arista ≫ Eos Version4.14

Arista ≫ Eos Version4.15

Debian ≫ Debian Linux Version7.0

Debian ≫ Debian Linux Version8.0

Lenovo ≫ Emc Px12-400r Ivx Version < 1.0.10.33264

Lenovo ≫ Emc Px12-450r Ivx Version < 1.0.10.33264

Redhat ≫ Openstack Version5.0

Redhat ≫ Openstack Version6.0

Redhat ≫ Virtualization Version3.0

Redhat ≫ Enterprise Linux Compute Node Eus Version7.1

Redhat ≫ Enterprise Linux Compute Node Eus Version7.2

Redhat ≫ Enterprise Linux Compute Node Eus Version7.3

Redhat ≫ Enterprise Linux Compute Node Eus Version7.4

Redhat ≫ Enterprise Linux Compute Node Eus Version7.5

Redhat ≫ Enterprise Linux Compute Node Eus Version7.6

Redhat ≫ Enterprise Linux Compute Node Eus Version7.7

Redhat ≫ Enterprise Linux For Power Big Endian Version7.0

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.1_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.2_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.3_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.4_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.5_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.6_ppc64

Redhat ≫ Enterprise Linux For Power Big Endian Eus Version7.7_ppc64

Redhat ≫ Enterprise Linux For Scientific Computing Version7.0

Redhat ≫ Enterprise Linux Server Version7.0

Redhat ≫ Enterprise Linux Server Aus Version7.3

Redhat ≫ Enterprise Linux Server Aus Version7.4

Redhat ≫ Enterprise Linux Server Aus Version7.6

Redhat ≫ Enterprise Linux Server Aus Version7.7

Redhat ≫ Enterprise Linux Server Eus Version7.1

Redhat ≫ Enterprise Linux Server Eus Version7.2

Redhat ≫ Enterprise Linux Server Eus Version7.3

Redhat ≫ Enterprise Linux Server Eus Version7.4

Redhat ≫ Enterprise Linux Server Eus Version7.5

Redhat ≫ Enterprise Linux Server Eus Version7.6

Redhat ≫ Enterprise Linux Server Eus Version7.7

Redhat ≫ Enterprise Linux Server From Rhui Version7.0

Redhat ≫ Enterprise Linux Server Tus Version7.3

Redhat ≫ Enterprise Linux Server Tus Version7.6

Redhat ≫ Enterprise Linux Server Tus Version7.7

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.2

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.3

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.4

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.6

Redhat ≫ Enterprise Linux Server Update Services For Sap Solutions Version7.7

Redhat ≫ Enterprise Linux Workstation Version7.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	1.47%	0.801

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.9	3.4	10	AV:L/AC:M/Au:N/C:C/I:C/A:C

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33

Vendor Advisory

Broken Link

https://security.gentoo.org/glsa/201510-02

Third Party Advisory

Issue Tracking

https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-1507.html

Third Party Advisory

Issue Tracking

http://rhn.redhat.com/errata/RHSA-2015-1508.html