CVE-2015-3214
Summary
| CVE | CVE-2015-3214 |
|---|---|
| State | PUBLISHED |
| Assigner | redhat |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2015-08-31 10:59:07 UTC |
| Updated | 2026-05-06 22:30:45 UTC |
| Description | The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. |
Risk And Classification
CVSS v2.0 Breakdown
Access Vector
LocalAccess Complexity
MediumAuthentication
NoneConfidentiality
CompleteIntegrity
CompleteAvailability
CompleteAV:L/AC:M/Au:N/C:C/I:C/A:C
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Arista | Eos | 4.12 | All | All | All |
| Operating System | Arista | Eos | 4.13 | All | All | All |
| Operating System | Arista | Eos | 4.14 | All | All | All |
| Operating System | Arista | Eos | 4.15 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Lenovo | Emc Px12-400r Ivx | All | All | All | All |
| Operating System | Lenovo | Emc Px12-450r Ivx | All | All | All | All |
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Application | Qemu | Qemu | All | All | All | All |
| Operating System | Redhat | Enterprise Linux Compute Node Eus | 7.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux Compute Node Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Compute Node Eus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Compute Node Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Compute Node Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Compute Node Eus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Compute Node Eus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.1_ppc64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.2_ppc64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.3_ppc64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.4_ppc64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.5_ppc64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.6_ppc64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Power Big Endian Eus | 7.7_ppc64 | All | All | All |
| Operating System | Redhat | Enterprise Linux For Scientific Computing | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Aus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.1 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.5 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Eus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server From Rhui | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Tus | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.2 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.4 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.6 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server Update Services For Sap Solutions | 7.7 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Application | Redhat | Openstack | 5.0 | All | All | All |
| Application | Redhat | Openstack | 6.0 | All | All | All |
| Application | Redhat | Virtualization | 3.0 | All | All | All |
Vendor Declared Affected Products
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| QEMU: Arbitrary code execution (GLSA 201510-02) — Gentoo Security | af854a3a-2127-422b-91ae-364da2661108 | security.gentoo.org | Issue Tracking, Third Party Advisory |
| Debian -- Security Information -- DSA-3348-1 qemu | af854a3a-2127-422b-91ae-364da2661108 | www.debian.org | Issue Tracking, Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Issue Tracking, Third Party Advisory |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Issue Tracking, Third Party Advisory |
| Arista - Security Advisory 0013 | af854a3a-2127-422b-91ae-364da2661108 | www.arista.com | Third Party Advisory |
| QEMU i8254 PIT Emulation Bug - Lenovo Support US | af854a3a-2127-422b-91ae-364da2661108 | support.lenovo.com | Third Party Advisory |
| 404 Not Found | af854a3a-2127-422b-91ae-364da2661108 | mirror.linux.org.au | Broken Link, Vendor Advisory |
| QEMU - Programmable Interrupt Timer Controller Heap Overflow - Multiple dos Exploit | af854a3a-2127-422b-91ae-364da2661108 | www.exploit-db.com | Third Party Advisory, VDB Entry |
| QEMU 'pit_ioport_read()' Function Memory Corruption Vulnerability | af854a3a-2127-422b-91ae-364da2661108 | www.securityfocus.com | Third Party Advisory, VDB Entry |
| QEMU i8254 PIT Emulation Bug - Lenovo Support (US) | af854a3a-2127-422b-91ae-364da2661108 | support.lenovo.com | Third Party Advisory |
| Re: [Qemu-devel] [PATCH] i8254: fix out-of-bounds memory access in pit_ioport_read() | af854a3a-2127-422b-91ae-364da2661108 | www.mail-archive.com | |
| kernel/git/torvalds/linux.git - Linux kernel source tree | af854a3a-2127-422b-91ae-364da2661108 | git.kernel.org | Patch, Vendor Advisory |
| KVM: PIT: control word is write-only · torvalds/linux@ee73f65 · GitHub | af854a3a-2127-422b-91ae-364da2661108 | github.com | Patch, Third Party Advisory |
| QEMU i8254 PIT Emulation Bug Lets Local Users Gain Elevated Privileges - SecurityTracker | af854a3a-2127-422b-91ae-364da2661108 | www.securitytracker.com | Third Party Advisory, VDB Entry |
| Red Hat Customer Portal | af854a3a-2127-422b-91ae-364da2661108 | rhn.redhat.com | Third Party Advisory |
| Bug 1229640 – CVE-2015-3214 qemu/kvm: i8254: out-of-bounds memory access in pit_ioport_read function | af854a3a-2127-422b-91ae-364da2661108 | bugzilla.redhat.com | Issue Tracking |
| oss-security - Re: CVE request -- Linux kernel - kvm: x86: out-of-bounds memory access in pit_ioport_read function | af854a3a-2127-422b-91ae-364da2661108 | www.openwall.com | Mailing List |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| Red Hat Customer Portal | MITRE | access.redhat.com | |
| CVE-2015-3214 - Red Hat Customer Portal | MITRE | access.redhat.com | |
| Re: [Qemu-devel] [PATCH] i8254: fix out-of-bounds memory access in pit_ioport_read() | MITRE | www.mail-archive.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.