Vulnerabilites related to lenovo - emc_px12-400r_ivx
Vulnerability from fkie_nvd
Published
2015-08-31 10:59
Modified
2025-04-12 10:46
Severity ?
Summary
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
References
[email protected]http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924Patch, Vendor Advisory
[email protected]http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33Broken Link, Vendor Advisory
[email protected]http://rhn.redhat.com/errata/RHSA-2015-1507.htmlIssue Tracking, Third Party Advisory
[email protected]http://rhn.redhat.com/errata/RHSA-2015-1508.htmlIssue Tracking, Third Party Advisory
[email protected]http://rhn.redhat.com/errata/RHSA-2015-1512.htmlThird Party Advisory
[email protected]http://www.debian.org/security/2015/dsa-3348Issue Tracking, Third Party Advisory
[email protected]http://www.openwall.com/lists/oss-security/2015/06/25/7Mailing List
[email protected]http://www.securityfocus.com/bid/75273Third Party Advisory, VDB Entry
[email protected]http://www.securitytracker.com/id/1032598Third Party Advisory, VDB Entry
[email protected]https://bugzilla.redhat.com/show_bug.cgi?id=1229640Issue Tracking
[email protected]https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924Patch, Third Party Advisory
[email protected]https://security.gentoo.org/glsa/201510-02Issue Tracking, Third Party Advisory
[email protected]https://support.lenovo.com/product_security/qemuThird Party Advisory
[email protected]https://support.lenovo.com/us/en/product_security/qemuThird Party Advisory
[email protected]https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13Third Party Advisory
[email protected]https://www.exploit-db.com/exploits/37990/Third Party Advisory, VDB Entry
[email protected]https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html
af854a3a-2127-422b-91ae-364da2661108http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33Broken Link, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1507.htmlIssue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1508.htmlIssue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2015-1512.htmlThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2015/dsa-3348Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2015/06/25/7Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/75273Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1032598Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=1229640Issue Tracking
af854a3a-2127-422b-91ae-364da2661108https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://security.gentoo.org/glsa/201510-02Issue Tracking, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.lenovo.com/product_security/qemuThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.lenovo.com/us/en/product_security/qemuThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.exploit-db.com/exploits/37990/Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html
Impacted products
Vendor Product Version
qemu qemu *
linux linux_kernel *
arista eos 4.12
arista eos 4.13
arista eos 4.14
arista eos 4.15
debian debian_linux 7.0
debian debian_linux 8.0
lenovo emc_px12-400r_ivx *
lenovo emc_px12-450r_ivx *
redhat openstack 5.0
redhat openstack 6.0
redhat virtualization 3.0
redhat enterprise_linux_compute_node_eus 7.1
redhat enterprise_linux_compute_node_eus 7.2
redhat enterprise_linux_compute_node_eus 7.3
redhat enterprise_linux_compute_node_eus 7.4
redhat enterprise_linux_compute_node_eus 7.5
redhat enterprise_linux_compute_node_eus 7.6
redhat enterprise_linux_compute_node_eus 7.7
redhat enterprise_linux_for_power_big_endian 7.0
redhat enterprise_linux_for_power_big_endian_eus 7.1_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.2_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.3_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.4_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.5_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.6_ppc64
redhat enterprise_linux_for_power_big_endian_eus 7.7_ppc64
redhat enterprise_linux_for_scientific_computing 7.0
redhat enterprise_linux_server 7.0
redhat enterprise_linux_server_aus 7.3
redhat enterprise_linux_server_aus 7.4
redhat enterprise_linux_server_aus 7.6
redhat enterprise_linux_server_aus 7.7
redhat enterprise_linux_server_eus 7.1
redhat enterprise_linux_server_eus 7.2
redhat enterprise_linux_server_eus 7.3
redhat enterprise_linux_server_eus 7.4
redhat enterprise_linux_server_eus 7.5
redhat enterprise_linux_server_eus 7.6
redhat enterprise_linux_server_eus 7.7
redhat enterprise_linux_server_from_rhui 7.0
redhat enterprise_linux_server_tus 7.3
redhat enterprise_linux_server_tus 7.6
redhat enterprise_linux_server_tus 7.7
redhat enterprise_linux_server_update_services_for_sap_solutions 7.2
redhat enterprise_linux_server_update_services_for_sap_solutions 7.3
redhat enterprise_linux_server_update_services_for_sap_solutions 7.4
redhat enterprise_linux_server_update_services_for_sap_solutions 7.6
redhat enterprise_linux_server_update_services_for_sap_solutions 7.7
redhat enterprise_linux_workstation 7.0


To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABF17A18-4BE8-41B7-B50C-F4A137B3B2F1",
              "versionEndIncluding": "2.3.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4367A8B9-ABB9-4E4E-9A2A-85719CBE8DAC",
              "versionEndIncluding": "2.6.32",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:arista:eos:4.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "FDDF9823-D999-41A4-BB7B-A63C00ACE11B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:4.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "51F7426A-46F7-4BE0-806F-F4598C8B0426",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:4.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7F71EBA-27AC-464B-8708-4E8971BC75A7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:arista:eos:4.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "8705CF80-DEFC-4425-8E23-D98FFD678157",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:lenovo:emc_px12-400r_ivx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "19E383C6-5DB4-4D42-BC8E-70CEA527FAEF",
              "versionEndExcluding": "1.0.10.33264",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:lenovo:emc_px12-450r_ivx:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "811FD71F-FC60-478B-B257-A7019AE6F88A",
              "versionEndExcluding": "1.0.10.33264",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openstack:5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "B152EDF3-3140-4343-802F-F4F1C329F5C3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:openstack:6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "31EC146C-A6F6-4C0D-AF87-685286262DAA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D86166F9-BBF0-4650-8CCD-0F9C97104D21",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9835B192-FE11-4FB6-B1D8-C47530A46014",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "19F5A4C6-E90F-4B33-8B28-D57FC36E3866",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39E542B7-500F-4B9E-B712-886C593525E9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D9F97AEB-F4DB-4F1F-A69C-5EF8CBBFAFE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0C69E57-48DE-467F-8ADD-B4601CE1611E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "35A9FD70-E9CA-43AF-A453-E41EAB430E7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_compute_node_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "742A198F-D40F-4B32-BB9C-C5EF5B09C3E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "1CDCFF34-6F1D-45A1-BE37-6A0E17B04801",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.1_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B6ED0AA-CD87-47A5-8E82-C9C7BD14F1AE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.2_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E5B5F9E-D749-45E5-8538-7CED9620C00C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.3_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "188019BF-3700-4B3F-BFA5-553B2B545B7F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.4_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B8B2E32-B838-4E51-BAA2-764089D2A684",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.5_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "4319B943-7B19-468D-A160-5895F7F997A3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.6_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "39C1ABF5-4070-4AA7-BAB8-4F63E1BD91FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian_eus:7.7_ppc64:*:*:*:*:*:*:*",
              "matchCriteriaId": "8036E2AE-4E44-4FA5-AFFB-A3724BFDD654",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "37CE1DC7-72C5-483C-8921-0B462C8284D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "98381E61-F082-4302-B51F-5648884F998B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D99A687E-EAE6-417E-A88E-D0082BC194CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B353CE99-D57C-465B-AAB0-73EF581127D1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "7431ABC1-9252-419E-8CC1-311B41360078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E8CD4EF-DC90-40BB-A721-6EC087507906",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "44B067C7-735E-43C9-9188-7E1522A02491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "A8442C20-41F9-47FD-9A12-E724D3A31FD7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9EC0D196-F7B8-4BDD-9050-779F7A7FBEE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4E9DD8A-A68B-4A69-8B01-BFF92A2020A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF77CDCF-B9C9-427D-B2BF-36650FB2148C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "21690BAC-2129-4A33-9B48-1F3BF30072A9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_from_rhui:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F732C7C9-A9CC-4DEF-A8BE-D0F18C944C78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "24C0F4E1-C52C-41E0-9F14-F83ADD5CC7ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "B76AA310-FEC7-497F-AF04-C3EC1E76C4CC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "17F256A9-D3B9-4C72-B013-4EFD878BFEA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "55DF5F02-550E-41E0-86A3-862F2785270C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA5F8426-5EEB-4013-BE49-8E705DA140B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C7E9628-0915-4C49-8929-F5E060A20CBB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "5C450C83-695F-4408-8B4F-0E7D6DDAE345",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "3707B08D-8A78-48CB-914C-33A753D13FC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad en pit_ioport_read en i8254.c en el kernel de Linux en versiones anteriores a 2.6.33 y en QEMU en versiones anteriores a 2.3.1, no distingue entre longitudes de lectura y longitudes de escritura, lo que podr\u00eda permitir a los usuarios invitados del SO ejecutar c\u00f3digo arbitrario en el host del SO desencadenando el uso de un \u00edndice no v\u00e1lido."
    }
  ],
  "id": "CVE-2015-3214",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "[email protected]",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-08-31T10:59:07.580",
  "references": [
    {
      "source": "[email protected]",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3348"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/06/25/7"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75273"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032598"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229640"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201510-02"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.lenovo.com/product_security/qemu"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/qemu"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
    },
    {
      "source": "[email protected]",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37990/"
    },
    {
      "source": "[email protected]",
      "url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link",
        "Vendor Advisory"
      ],
      "url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3348"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List"
      ],
      "url": "http://www.openwall.com/lists/oss-security/2015/06/25/7"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/75273"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securitytracker.com/id/1032598"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Third Party Advisory"
      ],
      "url": "https://security.gentoo.org/glsa/201510-02"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.lenovo.com/product_security/qemu"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://support.lenovo.com/us/en/product_security/qemu"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "https://www.exploit-db.com/exploits/37990/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html"
    }
  ],
  "sourceIdentifier": "[email protected]",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "[email protected]",
      "type": "Primary"
    }
  ]
}

cve-2015-3214
Vulnerability from cvelistv5
Published
2015-08-31 10:00
Modified
2024-08-06 05:39
Severity ?
Summary
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
References
https://support.lenovo.com/product_security/qemux_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=1229640x_refsource_CONFIRM
https://support.lenovo.com/us/en/product_security/qemux_refsource_CONFIRM
https://www.exploit-db.com/exploits/37990/exploit, x_refsource_EXPLOIT-DB
https://security.gentoo.org/glsa/201510-02vendor-advisory, x_refsource_GENTOO
https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924x_refsource_CONFIRM
http://www.debian.org/security/2015/dsa-3348vendor-advisory, x_refsource_DEBIAN
http://rhn.redhat.com/errata/RHSA-2015-1508.htmlvendor-advisory, x_refsource_REDHAT
http://rhn.redhat.com/errata/RHSA-2015-1507.htmlvendor-advisory, x_refsource_REDHAT
http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33x_refsource_CONFIRM
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2015-1512.htmlvendor-advisory, x_refsource_REDHAT
http://www.securitytracker.com/id/1032598vdb-entry, x_refsource_SECTRACK
http://www.securityfocus.com/bid/75273vdb-entry, x_refsource_BID
http://www.openwall.com/lists/oss-security/2015/06/25/7mailing-list, x_refsource_MLIST
https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.htmlmailing-list, x_refsource_MLIST
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13x_refsource_MISC
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:31.960Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/product_security/qemu"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229640"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.lenovo.com/us/en/product_security/qemu"
          },
          {
            "name": "37990",
            "tags": [
              "exploit",
              "x_refsource_EXPLOIT-DB",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/37990/"
          },
          {
            "name": "GLSA-201510-02",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-02"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924"
          },
          {
            "name": "DSA-3348",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3348"
          },
          {
            "name": "RHSA-2015:1508",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
          },
          {
            "name": "RHSA-2015:1507",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924"
          },
          {
            "name": "RHSA-2015:1512",
            "tags": [
              "vendor-advisory",
              "x_refsource_REDHAT",
              "x_transferred"
            ],
            "url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
          },
          {
            "name": "1032598",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032598"
          },
          {
            "name": "75273",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/75273"
          },
          {
            "name": "[oss-security] 20150625 Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/06/25/7"
          },
          {
            "name": "[qemu-devel] 20150617 Re: [PATCH] i8254: fix out-of-bounds memory access in pit_ioport_read()",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2010-02-24T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-26T13:58:33",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/product_security/qemu"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1229640"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.lenovo.com/us/en/product_security/qemu"
        },
        {
          "name": "37990",
          "tags": [
            "exploit",
            "x_refsource_EXPLOIT-DB"
          ],
          "url": "https://www.exploit-db.com/exploits/37990/"
        },
        {
          "name": "GLSA-201510-02",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-02"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924"
        },
        {
          "name": "DSA-3348",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3348"
        },
        {
          "name": "RHSA-2015:1508",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1508.html"
        },
        {
          "name": "RHSA-2015:1507",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1507.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924"
        },
        {
          "name": "RHSA-2015:1512",
          "tags": [
            "vendor-advisory",
            "x_refsource_REDHAT"
          ],
          "url": "http://rhn.redhat.com/errata/RHSA-2015-1512.html"
        },
        {
          "name": "1032598",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032598"
        },
        {
          "name": "75273",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/75273"
        },
        {
          "name": "[oss-security] 20150625 Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/06/25/7"
        },
        {
          "name": "[qemu-devel] 20150617 Re: [PATCH] i8254: fix out-of-bounds memory access in pit_ioport_read()",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2015-3214",
    "datePublished": "2015-08-31T10:00:00",
    "dateReserved": "2015-04-10T00:00:00",
    "dateUpdated": "2024-08-06T05:39:31.960Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

OSZAR »