CVE-2015-3214

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.9 UNKNOWN
LOCAL
MEDIUM
AV:L/AC:M/Au:N/C:C/I:C/A:C
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
Affected Products (NVD)
VendorProductVersion
qemuqemu
𝑥
≤ 2.3.0
linuxlinux_kernel
𝑥
≤ 2.6.32
aristaeos
4.12
aristaeos
4.13
aristaeos
4.14
aristaeos
4.15
debiandebian_linux
7.0
debiandebian_linux
8.0
lenovoemc_px12-400r_ivx
𝑥
< 1.0.10.33264
lenovoemc_px12-450r_ivx
𝑥
< 1.0.10.33264
redhatopenstack
5.0
redhatopenstack
6.0
redhatvirtualization
3.0
redhatenterprise_linux_compute_node_eus
7.1
redhatenterprise_linux_compute_node_eus
7.2
redhatenterprise_linux_compute_node_eus
7.3
redhatenterprise_linux_compute_node_eus
7.4
redhatenterprise_linux_compute_node_eus
7.5
redhatenterprise_linux_compute_node_eus
7.6
redhatenterprise_linux_compute_node_eus
7.7
redhatenterprise_linux_for_power_big_endian
7.0
redhatenterprise_linux_for_power_big_endian_eus
7.1_ppc64:_ppc64
redhatenterprise_linux_for_power_big_endian_eus
7.2_ppc64:_ppc64
redhatenterprise_linux_for_power_big_endian_eus
7.3_ppc64:_ppc64
redhatenterprise_linux_for_power_big_endian_eus
7.4_ppc64:_ppc64
redhatenterprise_linux_for_power_big_endian_eus
7.5_ppc64:_ppc64
redhatenterprise_linux_for_power_big_endian_eus
7.6_ppc64:_ppc64
redhatenterprise_linux_for_power_big_endian_eus
7.7_ppc64:_ppc64
redhatenterprise_linux_for_scientific_computing
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_server_aus
7.3
redhatenterprise_linux_server_aus
7.4
redhatenterprise_linux_server_aus
7.6
redhatenterprise_linux_server_aus
7.7
redhatenterprise_linux_server_eus
7.1
redhatenterprise_linux_server_eus
7.2
redhatenterprise_linux_server_eus
7.3
redhatenterprise_linux_server_eus
7.4
redhatenterprise_linux_server_eus
7.5
redhatenterprise_linux_server_eus
7.6
redhatenterprise_linux_server_eus
7.7
redhatenterprise_linux_server_from_rhui
7.0
redhatenterprise_linux_server_tus
7.3
redhatenterprise_linux_server_tus
7.6
redhatenterprise_linux_server_tus
7.7
redhatenterprise_linux_server_update_services_for_sap_solutions
7.2
redhatenterprise_linux_server_update_services_for_sap_solutions
7.3
redhatenterprise_linux_server_update_services_for_sap_solutions
7.4
redhatenterprise_linux_server_update_services_for_sap_solutions
7.6
redhatenterprise_linux_server_update_services_for_sap_solutions
7.7
redhatenterprise_linux_workstation
7.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
linux
bookworm
6.1.106-3
fixed
bookworm (security)
6.1.112-1
fixed
bullseye
5.10.223-1
fixed
bullseye (security)
5.10.226-1
fixed
sid
6.11.6-1
fixed
squeeze
no-dsa
trixie
6.11.5-1
fixed
wheezy
not-affected
qemu
bookworm
1:7.2+dfsg-7+deb12u7
fixed
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
sid
1:9.1.1+ds-2
fixed
squeeze
no-dsa
trixie
1:9.1.1+ds-2
fixed
wheezy
not-affected
xen
bookworm
4.17.3+10-g091466ba55-1~deb12u1
fixed
bullseye
4.14.6-1
fixed
bullseye (security)
4.14.5+94-ge49571868d-1
fixed
sid
4.17.3+36-g54dacb5c02-1
fixed
squeeze
no-dsa
trixie
4.17.3+36-g54dacb5c02-1
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
qemu
precise
dne
trusty
Fixed 2.0.0+dfsg-2ubuntu1.15
released
utopic
ignored
vivid
Fixed 1:2.2+dfsg-5expubuntu9.3
released
qemu-kvm
precise
not-affected
trusty
dne
utopic
dne
vivid
dne
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
libcacard
RHEL 7
10:1.5.3-86.el7_1.5
fixed
libcacard-devel
RHEL 7
10:1.5.3-86.el7_1.5
fixed
libcacard-tools
RHEL 7
10:1.5.3-86.el7_1.5
fixed
qemu-img
RHEL 7
10:1.5.3-86.el7_1.5
fixed
qemu-kvm
RHEL 7
10:1.5.3-86.el7_1.5
fixed
qemu-kvm-common
RHEL 7
10:1.5.3-86.el7_1.5
fixed
qemu-kvm-tools
RHEL 7
10:1.5.3-86.el7_1.5
fixed
Common Weakness Enumeration
References
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924
http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33
http://rhn.redhat.com/errata/RHSA-2015-1507.html
http://rhn.redhat.com/errata/RHSA-2015-1508.html
http://rhn.redhat.com/errata/RHSA-2015-1512.html
http://www.debian.org/security/2015/dsa-3348
http://www.openwall.com/lists/oss-security/2015/06/25/7
http://www.securityfocus.com/bid/75273
http://www.securitytracker.com/id/1032598
https://bugzilla.redhat.com/show_bug.cgi?id=1229640
https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924
https://security.gentoo.org/glsa/201510-02
https://support.lenovo.com/product_security/qemu
https://support.lenovo.com/us/en/product_security/qemu
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13
https://www.exploit-db.com/exploits/37990/
https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924
http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33
http://rhn.redhat.com/errata/RHSA-2015-1507.html
http://rhn.redhat.com/errata/RHSA-2015-1508.html
http://rhn.redhat.com/errata/RHSA-2015-1512.html
http://www.debian.org/security/2015/dsa-3348
http://www.openwall.com/lists/oss-security/2015/06/25/7
http://www.securityfocus.com/bid/75273
http://www.securitytracker.com/id/1032598
https://bugzilla.redhat.com/show_bug.cgi?id=1229640
https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924
https://security.gentoo.org/glsa/201510-02
https://support.lenovo.com/product_security/qemu
https://support.lenovo.com/us/en/product_security/qemu
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13
https://www.exploit-db.com/exploits/37990/
https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html