Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-3214

Опубликовано: 31 авг. 2015
Источник: debian

Описание

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
qemufixed1:2.4+dfsg-1apackage
qemunot-affectedwheezypackage
qemunot-affectedsqueezepackage
qemu-kvmnot-affectedpackage
xenfixed4.4.0-1package
xennot-affectedwheezypackage
linuxnot-affectedpackage
linux-2.6fixed2.6.37-1package
linux-2.6no-dsasqueezepackage

Примечания

  • Xen switched to qemu-system in 4.4.0-1

  • Upstream commit: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d4862a87e31a51de9eb260f25c9e99a75efe3235

  • Introduced in http://git.qemu.org/?p=qemu.git;a=commitdiff;h=0505bcdec8228d8de39ab1a02644e71999e7c052 (v1.3.0-rc0)

  • Upstream commit: https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924 (v2.6.33-rc8)

Связанные уязвимости

ubuntu логотип

CVE-2015-3214

ubuntu
почти 10 лет назад

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

redhat логотип

CVE-2015-3214

redhat
около 10 лет назад

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

nvd логотип

CVE-2015-3214

nvd
почти 10 лет назад

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

github логотип

GHSA-7g3q-j68f-2fw5

github
больше 3 лет назад

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

fstec логотип

BDU:2015-11288

fstec
почти 10 лет назад

Уязвимость эмулятора аппаратного обеспечения QEMU, позволяющая нарушителю выполнить произвольный код на хостовой операционной системе