Vulnerability Description
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qemu | Qemu | <= 2.3.0 |
| Linux | Linux Kernel | <= 2.6.32 |
| Arista | Eos | 4.12 |
| Debian | Debian Linux | 7.0 |
| Lenovo | Emc Px12-400R Ivx | < 1.0.10.33264 |
| Lenovo | Emc Px12-450R Ivx | < 1.0.10.33264 |
| Redhat | Openstack | 5.0 |
| Redhat | Virtualization | 3.0 |
| Redhat | Enterprise Linux Compute Node Eus | 7.1 |
| Redhat | Enterprise Linux For Power Big Endian | 7.0 |
| Redhat | Enterprise Linux For Power Big Endian Eus | 7.1_ppc64 |
| Redhat | Enterprise Linux For Scientific Computing | 7.0 |
| Redhat | Enterprise Linux Server | 7.0 |
| Redhat | Enterprise Linux Server Aus | 7.3 |
| Redhat | Enterprise Linux Server Eus | 7.1 |
| Redhat | Enterprise Linux Server From Rhui | 7.0 |
| Redhat | Enterprise Linux Server Tus | 7.3 |
| Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.2 |
| Redhat | Enterprise Linux Workstation | 7.0 |
Related Weaknesses (CWE)
References
- http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f6PatchVendor Advisory
- http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33Broken LinkVendor Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1507.htmlIssue TrackingThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1508.htmlIssue TrackingThird Party Advisory
- http://rhn.redhat.com/errata/RHSA-2015-1512.htmlThird Party Advisory
- http://www.debian.org/security/2015/dsa-3348Issue TrackingThird Party Advisory
- http://www.openwall.com/lists/oss-security/2015/06/25/7Mailing List
- http://www.securityfocus.com/bid/75273Third Party AdvisoryVDB Entry
- http://www.securitytracker.com/id/1032598Third Party AdvisoryVDB Entry
- https://bugzilla.redhat.com/show_bug.cgi?id=1229640Issue Tracking
- https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd7992PatchThird Party Advisory
- https://security.gentoo.org/glsa/201510-02Issue TrackingThird Party Advisory
- https://support.lenovo.com/product_security/qemuThird Party Advisory
- https://support.lenovo.com/us/en/product_security/qemuThird Party Advisory
- https://www.arista.com/en/support/advisories-notices/security-advisories/1180-seThird Party Advisory
FAQ
What is CVE-2015-3214?
CVE-2015-3214 is a vulnerability with a CVSS score of 6.9 (MEDIUM). The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrar...
How severe is CVE-2015-3214?
CVE-2015-3214 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3214?
Check the references section above for vendor advisories and patch information. Affected products include: Qemu Qemu, Linux Linux Kernel, Arista Eos, Debian Debian Linux, Lenovo Emc Px12-400R Ivx.