Vulnerability CVE-2015-3214

Vulnerability Name:

CVE-2015-3214 (CCN-103911)

Assigned:

2015-06-16

Published:

2015-06-16

Updated:

2023-02-13

Summary:

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.4 Medium (CCN CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

6.5 Medium (REDHAT CVSS v2 Vector: AV:A/AC:H/Au:S/C:C/I:C/A:C)
4.8 Medium (REDHAT Temporal CVSS v2 Vector: AV:A/AC:H/Au:S/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Adjacent_Network Access Complexity (AC): High Authentication (Au): Single_Instance
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-119

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2015-3214

Source: CCN
Type: QEMU Web site
QEMU

Source: secalert@redhat.com
Type: Patch, Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Broken Link, Vendor Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: CCN
Type: oss-security Mailing List, Wed, 17 Jun 2015 13:09:30 +0200
CVE-2015-3214 qemu: i8254: out-of-bounds memory access in pit_ioport_read function

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: IBM Security Bulletin T1022519
PowerKVM is affected by two Qemu vulnerabilities

Source: secalert@redhat.com
Type: Mailing List
secalert@redhat.com

Source: CCN
Type: BID-75273
QEMU 'pit_ioport_read()' Function Memory Corruption Vulnerability

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: Issue Tracking
secalert@redhat.com

Source: XF
Type: UNKNOWN
qemu-cve20153214-code-exec(103911)

Source: secalert@redhat.com
Type: Patch, Third Party Advisory
secalert@redhat.com

Source: CCN
Type: Packet Storm Security [08-28-2015]
QEMU Programmable Interrupt Timer Controller Heap Overflow

Source: secalert@redhat.com
Type: Issue Tracking, Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: secalert@redhat.com
Type: Third Party Advisory
secalert@redhat.com

Source: EXPLOIT-DB
Type: EXPLOIT
Offensive Security Exploit Database [08-27-2015]

Source: secalert@redhat.com
Type: Third Party Advisory, VDB Entry
secalert@redhat.com

Source: secalert@redhat.com
Type: UNKNOWN
secalert@redhat.com

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2015-3214

Vulnerable Configuration:

Configuration RedHat 1:

cpe:/o:redhat:enterprise_linux:7:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/o:redhat:enterprise_linux:7::client:*:*:*:*:*

Configuration RedHat 3:

cpe:/o:redhat:enterprise_linux:7::computenode:*:*:*:*:*

Configuration RedHat 4:

cpe:/o:redhat:enterprise_linux:7::server:*:*:*:*:*

Configuration RedHat 5:

cpe:/o:redhat:enterprise_linux:7::workstation:*:*:*:*:*

Configuration CCN 1:

cpe:/a:fabrice_bellard:qemu:0.8.2:*:*:*:*:*:*:*

AND

cpe:/a:ibm:powerkvm:2.1:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:20153214	V	CVE-2015-3214	2022-05-20
oval:org.opensuse.security:def:31373	P	Security update for net-snmp (Important)	2022-01-05
oval:org.opensuse.security:def:33749	P	Security update for webkit2gtk3 (Important)	2021-12-01
oval:org.opensuse.security:def:31308	P	Security update for postgresql96 (Important)	2021-11-22
oval:org.opensuse.security:def:34579	P	Security update for java-11-openjdk (Important)	2021-10-27
oval:org.opensuse.security:def:34567	P	Security update for util-linux (Moderate)	2021-10-20
oval:org.opensuse.security:def:34568	P	Security update for python3 (Moderate)	2021-10-20
oval:org.opensuse.security:def:33981	P	Security update for python-urllib3 (Moderate)	2021-09-29
oval:org.opensuse.security:def:31269	P	Security update for ghostscript (Critical)	2021-09-21
oval:org.opensuse.security:def:30244	P	Security update for Mesa (Moderate)	2021-09-16
oval:org.opensuse.security:def:35263	P	Security update for openexr (Important)	2021-09-02
oval:org.opensuse.security:def:34499	P	Security update for djvulibre (Important)	2021-08-05
oval:org.opensuse.security:def:41271	P	Security update for djvulibre (Important)	2021-08-04
oval:org.opensuse.security:def:41191	P	Security update for arpwatch (Important)	2021-06-28
oval:org.opensuse.security:def:30091	P	Security update for caribou (Important)	2021-06-10
oval:org.opensuse.security:def:11421	P	m4-1.4.16-15.74 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11551	P	gpgme-1.5.1-1.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11413	P	libvte9-0.28.2-17.83 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11734	P	vino-3.10.1-1.86 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11443	P	procmail-3.22-267.12 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11570	P	libFLAC8-1.3.0-6.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12372	P	wpa_supplicant-2.2-14.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11489	P	ImageMagick-6.8.8.1-8.2 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11645	P	librpcsecgss3-0.19-16.56 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11712	P	rpm-32bit-4.11.2-10.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:12394	P	accountsservice-0.6.42-16.3.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11536	P	ft2demos-2.5.5-7.5.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:11670	P	libzmq3-4.0.4-13.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:34455	P	Security update for the Linux Kernel (Important)	2021-06-08
oval:org.opensuse.security:def:36101	P	coreutils-8.12-6.25.32.33.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:33666	P	Security update for apache2-mod_auth_openidc (Important)	2021-06-08
oval:org.opensuse.security:def:11721	P	strongswan-5.1.3-18.1 on GA media (Moderate)	2021-06-08
oval:org.opensuse.security:def:33655	P	Security update for curl (Moderate)	2021-05-27
oval:org.opensuse.security:def:34430	P	Security update for xen (Important)	2021-05-12
oval:org.opensuse.security:def:31164	P	Security update for libnettle (Important)	2021-04-28
oval:org.opensuse.security:def:40422	P	Security update for kvm (Important)	2021-04-23
oval:org.opensuse.security:def:34663	P	Security update for tar (Low)	2021-03-29
oval:org.opensuse.security:def:34038	P	Security update for wpa_supplicant (Important)	2021-03-09
oval:org.opensuse.security:def:31329	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2021-02-10
oval:org.opensuse.security:def:31220	P	Security update for sudo (Important)	2021-01-26
oval:org.opensuse.security:def:30005	P	Security update for dovecot22 (Important)	2021-01-04
oval:org.opensuse.security:def:33654	P	Security update for flac (Moderate)	2021-01-04
oval:org.opensuse.security:def:34342	P	Security update for openexr (Moderate)	2020-12-23
oval:org.opensuse.security:def:33885	P	Security update for clamav (Important)	2020-12-22
oval:org.opensuse.security:def:32011	P	Security update for the Linux Kernel (Live Patch 34 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:31088	P	Security update for the Linux Kernel (Live Patch 31 for SLE 12 SP3) (Important)	2020-12-07
oval:org.opensuse.security:def:29948	P	Security update for python-cryptography (Moderate)	2020-12-04
oval:org.opensuse.security:def:41954	P	freeradius-server-2.1.1-7.7.19.77 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:36060	P	xorg-x11-7.4-9.62.46 on GA media (Moderate)	2020-12-03
oval:org.opensuse.security:def:54185	P	e2fsprogs on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55654	P	Security update for tiff (Moderate)	2020-12-01
oval:org.opensuse.security:def:30558	P	Security update for liblzo2-2	2020-12-01
oval:org.opensuse.security:def:18811	P	Security update for java-1_8_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:19028	P	Security update for binutils (Moderate)	2020-12-01
oval:org.opensuse.security:def:53255	P	Security update for libvirt (Important)	2020-12-01
oval:org.opensuse.security:def:53985	P	ibus-chewing on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35378	P	Security update for ntp (Important)	2020-12-01
oval:org.opensuse.security:def:34127	P	Security update for mozilla-nspr, mozilla-nss	2020-12-01
oval:org.opensuse.security:def:34955	P	Security update for fontconfig (Low)	2020-12-01
oval:org.opensuse.security:def:30387	P	Security update for xen (Important)	2020-12-01
oval:org.opensuse.security:def:31125	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:40319	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:40683	P	Security update for the Linux Kernel (Live Patch 10 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:41094	P	Security update for the Linux Kernel (Live Patch 28 for SLE 12 SP2) (Important)	2020-12-01
oval:org.opensuse.security:def:30299	P	Security update for strongswan (Moderate)	2020-12-01
oval:org.opensuse.security:def:30775	P	Security update for avahi (Moderate)	2020-12-01
oval:org.opensuse.security:def:19098	P	Security update for the Linux Kernel (Important)	2020-12-01
oval:org.opensuse.security:def:54259	P	libecpg6 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:55728	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:18632	P	Security update for audiofile (Moderate)	2020-12-01
oval:org.opensuse.security:def:18845	P	Security update for java-1_7_1-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:34391	P	Security update for unrar (Important)	2020-12-01
oval:org.opensuse.security:def:35137	P	Security update for the Linux Kernel (Moderate)	2020-12-01
oval:org.opensuse.security:def:52855	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:53428	P	Security update for php7 (Moderate)	2020-12-01
oval:org.opensuse.security:def:54093	P	pam_krb5 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:35422	P	Security update for openssl-certs	2020-12-01
oval:org.opensuse.security:def:18624	P	Security update for libgit2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34284	P	Security update for Python	2020-12-01
oval:org.opensuse.security:def:41220	P	Security update for git (Important)	2020-12-01
oval:org.opensuse.security:def:35045	P	Security update for jasper	2020-12-01
oval:org.opensuse.security:def:30406	P	Security update for xorg-x11-libs	2020-12-01
oval:org.opensuse.security:def:40330	P	Security update for the Linux Kernel (Live Patch 22 for SLE 12 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:40752	P	Security update for postgresql96 (Important)	2020-12-01
oval:org.opensuse.security:def:32049	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:29656	P	Security update for curl (Moderate)	2020-12-01
oval:org.opensuse.security:def:30348	P	Security update for vim (Important)	2020-12-01
oval:org.opensuse.security:def:40318	P	Security update for java-1_8_0-ibm (Moderate)	2020-12-01
oval:org.opensuse.security:def:30865	P	Security update for emacs	2020-12-01
oval:org.opensuse.security:def:19122	P	Security update for ceph (Important)	2020-12-01
oval:org.opensuse.security:def:29644	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:54297	P	libpolkit0 on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:18667	P	Security update for openldap2 (Moderate)	2020-12-01
oval:org.opensuse.security:def:18883	P	Security update for libwpd (Important)	2020-12-01
oval:org.opensuse.security:def:35177	P	Security update for kvm (Important)	2020-12-01
oval:org.opensuse.security:def:52877	P	Security update for the Linux Kernel (Live Patch 2 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:53534	P	Security update for avahi (Moderate)	2020-12-01
oval:org.opensuse.security:def:35312	P	Security update for mailman (Important)	2020-12-01
oval:org.opensuse.security:def:52854	P	Security update for the Linux Kernel (Live Patch 3 for SLE 15 SP1) (Important)	2020-12-01
oval:org.opensuse.security:def:34799	P	Security update for ansible (Moderate)	2020-12-01
oval:org.opensuse.security:def:35204	P	Security update for libevent (Moderate)	2020-12-01
oval:org.opensuse.security:def:30450	P	Security update for libvorbis	2020-12-01
oval:org.opensuse.security:def:40854	P	Security update for bind (Important)	2020-12-01
oval:org.opensuse.security:def:29729	P	Security update for Mozilla Firefox (Important)	2020-12-01
oval:org.opensuse.security:def:30569	P	Security update for libxml2	2020-12-01
oval:org.opensuse.security:def:30922	P	Security update for gd (Moderate)	2020-12-01
oval:org.opensuse.security:def:19760	P	Security update for libgcrypt (Moderate)	2020-12-01
oval:org.opensuse.security:def:29645	P	Security update for cups (Important)	2020-12-01
oval:org.opensuse.security:def:54378	P	ruby on GA media (Moderate)	2020-12-01
oval:org.opensuse.security:def:30557	P	Security update for libgcrypt	2020-12-01
oval:org.opensuse.security:def:18753	P	Security update for ImageMagick (Moderate)	2020-12-01
oval:org.opensuse.security:def:18995	P	Security update for wireshark (Moderate)	2020-12-01
oval:org.opensuse.security:def:53017	P	Security update for LibVNCServer (Important)	2020-12-01
oval:org.opensuse.security:def:53700	P	Security update for gnutls (Moderate)	2020-12-01
oval:org.opensuse.security:def:35351	P	Security update for mysql (Important)	2020-12-01
oval:org.opensuse.security:def:41146	P	Security update for sane-backends (Important)	2020-12-01
oval:org.opensuse.security:def:41909	P	Security update for libpng12 (Moderate)	2020-12-01
oval:org.opensuse.security:def:34898	P	Security update for dbus-1 (Important)	2020-12-01
oval:org.opensuse.security:def:40574	P	Security update for icu (Moderate)	2020-12-01
oval:org.opensuse.security:def:41030	P	Security update for curl (Important)	2020-12-01
oval:org.opensuse.security:def:29861	P	Security update for Linux Kernel	2020-12-01
oval:org.opensuse.security:def:30643	P	Security update for xorg-x11-libXp	2020-12-01
oval:org.opensuse.security:def:31009	P	Security update for java-1_6_0-ibm (Important)	2020-12-01
oval:org.opensuse.security:def:19086	P	Security update for sssd (Moderate)	2020-12-01
oval:org.opensuse.security:def:19786	P	Security update for qemu (Important)	2020-12-01
oval:org.opensuse.security:def:78362	P	Security update for qemu (Important)	2016-06-13
oval:org.cisecurity:def:242	P	DSA-3348-1 -- qemu -- security update	2016-02-08
oval:com.ubuntu.precise:def:20153214000	V	CVE-2015-3214 on Ubuntu 12.04 LTS (precise) - low.	2015-08-31
oval:com.ubuntu.trusty:def:20153214000	V	CVE-2015-3214 on Ubuntu 14.04 LTS (trusty) - low.	2015-08-31
oval:com.redhat.rhsa:def:20151507	P	RHSA-2015:1507: qemu-kvm security and bug fix update (Important)	2015-07-27

BACK