QwikSec

Security Database

CVE

CWE

Training

CVE-2015-3214

Published: Aug 31, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://support.lenovo.com/product_security/qemu

x_refsource_CONFIRM

https://bugzilla.redhat.com/show_bug.cgi?id=1229640

x_refsource_CONFIRM

https://support.lenovo.com/us/en/product_security/qemu

x_refsource_CONFIRM

exploit

x_refsource_EXPLOIT-DB

vendor-advisory

x_refsource_GENTOO

https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_REDHAT

http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33

x_refsource_CONFIRM

http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_SECTRACK

vdb-entry

x_refsource_BID

[oss-security] 20150625 Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function

mailing-list

x_refsource_MLIST

[qemu-devel] 20150617 Re: [PATCH] i8254: fix out-of-bounds memory access in pit_ioport_read()

mailing-list

x_refsource_MLIST

https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.