CVE-2015-2666
27.05.2015, 10:59
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| linux | linux_kernel | 3.9 ≤ 𝑥 < 3.10.83 |
| linux | linux_kernel | 3.11 ≤ 𝑥 < 3.12.40 |
| linux | linux_kernel | 3.13 ≤ 𝑥 < 3.14.47 |
| linux | linux_kernel | 3.15 ≤ 𝑥 < 3.16.35 |
| linux | linux_kernel | 3.17 ≤ 𝑥 < 3.18.19 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| linux |
| ||||||||||||
| linux-armadaxp |
| ||||||||||||
| linux-ec2 |
| ||||||||||||
| linux-flo |
| ||||||||||||
| linux-fsl-imx51 |
| ||||||||||||
| linux-goldfish |
| ||||||||||||
| linux-grouper |
| ||||||||||||
| linux-linaro-omap |
| ||||||||||||
| linux-linaro-shared |
| ||||||||||||
| linux-linaro-vexpress |
| ||||||||||||
| linux-lts-quantal |
| ||||||||||||
| linux-lts-raring |
| ||||||||||||
| linux-lts-saucy |
| ||||||||||||
| linux-lts-trusty |
| ||||||||||||
| linux-lts-utopic |
| ||||||||||||
| linux-lts-vivid |
| ||||||||||||
| linux-maguro |
| ||||||||||||
| linux-mako |
| ||||||||||||
| linux-manta |
| ||||||||||||
| linux-mvl-dove |
| ||||||||||||
| linux-qcm-msm |
| ||||||||||||
| linux-raspi2 |
| ||||||||||||
| linux-ti-omap4 |
|
openSUSE / SLES Releases
openSUSE Product | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| kernel-default |
| ||||||||||||||||
| kernel-default-base |
| ||||||||||||||||
| kernel-default-man |
| ||||||||||||||||
| kernel-ec2 |
| ||||||||||||||||
| kernel-ec2-extra |
| ||||||||||||||||
| kernel-macros |
| ||||||||||||||||
| kernel-source |
| ||||||||||||||||
| kernel-syms |
| ||||||||||||||||
| kernel-xen |
| ||||||||||||||||
| kernel-xen-base |
|
Red Hat Enterprise Linux Releases
Red Hat Product | |||
|---|---|---|---|
| kernel |
| ||
| kernel-abi-whitelists |
| ||
| kernel-bootwrapper |
| ||
| kernel-debug |
| ||
| kernel-debug-devel |
| ||
| kernel-devel |
| ||
| kernel-doc |
| ||
| kernel-headers |
| ||
| kernel-kdump |
| ||
| kernel-kdump-devel |
| ||
| kernel-rt |
| ||
| kernel-rt-debug |
| ||
| kernel-rt-debug-devel |
| ||
| kernel-rt-devel |
| ||
| kernel-rt-doc |
| ||
| kernel-rt-trace |
| ||
| kernel-rt-trace-devel |
| ||
| kernel-tools |
| ||
| kernel-tools-libs |
| ||
| kernel-tools-libs-devel |
| ||
| perf |
| ||
| python-perf |
|
Common Weakness Enumeration
References