Details of VAR-201508-0166

ID

VAR-201508-0166

CVE

CVE-2015-3214

TITLE

Linux Kernel and QEMU of i8254.c of pit_ioport_read Host in OS Vulnerabilities in arbitrary code execution

Trust: 0.8

sources: JVNDB: JVNDB-2015-004512

DESCRIPTION

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index. QEMU is prone to a memory-corruption vulnerability because it fails to perform adequate boundary-checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code on the host with the privileges of the hosting QEMU process. Failed exploit attempts may result in a denial-of-service condition. The Linux kernel is the kernel used by the open source operating system Linux released by the American Linux Foundation. The NFSv4 implementation is one of the distributed file system protocols. QEMU (also known as Quick Emulator) is a set of analog processor software developed by French programmer Fabrice Bellard. The software has the characteristics of fast speed and cross-platform. There is a security vulnerability in the 'pit_ioport_read' function in the i8254.c file of Linux kernel 2.6.32 and earlier versions and QEMU 2.3.0 and earlier versions. The vulnerability is due to the fact that the program does not distinguish between read length and write length. Relevant releases/architectures: RHEV-H and VDSM for 7 Hosts - x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ===================================================================== Red Hat Security Advisory Synopsis: Important: qemu-kvm security and bug fix update Advisory ID: RHSA-2015:1507-01 Product: Red Hat Enterprise Linux Advisory URL: https://rhn.redhat.com/errata/RHSA-2015-1507.html Issue date: 2015-07-27 CVE Names: CVE-2015-3214 CVE-2015-5154 ===================================================================== 1. Summary: Updated qemu-kvm packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client (v. 7) - x86_64 Red Hat Enterprise Linux Client Optional (v. 7) - x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - x86_64 Red Hat Enterprise Linux Server (v. 7) - ppc64, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. (CVE-2015-5154) An out-of-bounds memory access flaw, leading to memory corruption or possibly an information leak, was found in QEMU's pit_ioport_read() function. (CVE-2015-3214) Red Hat would like to thank Matt Tait of Google's Project Zero security team for reporting the CVE-2015-3214 issue. The CVE-2015-5154 issue was discovered by Kevin Wolf of Red Hat. This update also fixes the following bug: * Due to an incorrect implementation of portable memory barriers, the QEMU emulator in some cases terminated unexpectedly when a virtual disk was under heavy I/O load. This update fixes the implementation in order to achieve correct synchronization between QEMU's threads. As a result, the described crash no longer occurs. (BZ#1233643) All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect. 4. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. For details on how to apply this update, refer to: https://access.redhat.com/articles/11258 5. Bugs fixed (https://bugzilla.redhat.com/): 1229640 - CVE-2015-3214 qemu/kvm: i8254: out-of-bounds memory access in pit_ioport_read function 1243563 - CVE-2015-5154 qemu: ide: atapi: heap overflow during I/O buffer memory access 6. Package List: Red Hat Enterprise Linux Client (v. 7): Source: qemu-kvm-1.5.3-86.el7_1.5.src.rpm x86_64: libcacard-1.5.3-86.el7_1.5.i686.rpm libcacard-1.5.3-86.el7_1.5.x86_64.rpm qemu-img-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm Red Hat Enterprise Linux Client Optional (v. 7): x86_64: libcacard-devel-1.5.3-86.el7_1.5.i686.rpm libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: qemu-kvm-1.5.3-86.el7_1.5.src.rpm x86_64: libcacard-1.5.3-86.el7_1.5.i686.rpm libcacard-1.5.3-86.el7_1.5.x86_64.rpm libcacard-devel-1.5.3-86.el7_1.5.i686.rpm libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm qemu-img-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: qemu-kvm-1.5.3-86.el7_1.5.src.rpm ppc64: qemu-img-1.5.3-86.el7_1.5.ppc64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc64.rpm x86_64: libcacard-1.5.3-86.el7_1.5.i686.rpm libcacard-1.5.3-86.el7_1.5.x86_64.rpm qemu-img-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: libcacard-1.5.3-86.el7_1.5.ppc.rpm libcacard-1.5.3-86.el7_1.5.ppc64.rpm libcacard-devel-1.5.3-86.el7_1.5.ppc.rpm libcacard-devel-1.5.3-86.el7_1.5.ppc64.rpm libcacard-tools-1.5.3-86.el7_1.5.ppc64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.ppc64.rpm x86_64: libcacard-devel-1.5.3-86.el7_1.5.i686.rpm libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: qemu-kvm-1.5.3-86.el7_1.5.src.rpm x86_64: libcacard-1.5.3-86.el7_1.5.i686.rpm libcacard-1.5.3-86.el7_1.5.x86_64.rpm qemu-img-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-common-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-tools-1.5.3-86.el7_1.5.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: libcacard-devel-1.5.3-86.el7_1.5.i686.rpm libcacard-devel-1.5.3-86.el7_1.5.x86_64.rpm libcacard-tools-1.5.3-86.el7_1.5.x86_64.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.i686.rpm qemu-kvm-debuginfo-1.5.3-86.el7_1.5.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2015-3214 https://access.redhat.com/security/cve/CVE-2015-5154 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2015 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iD8DBQFVtjQAXlSAg2UNWIIRAubOAJ9jPmZf7ZF+FHd+a7JxYxxRPAGx0wCgv5dX hlTFJ96W8Yn4W+ZR2yhsbBU= =i68a -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . ============================================================================ Ubuntu Security Notice USN-2692-1 July 28, 2015 qemu vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 15.04 - Ubuntu 14.04 LTS Summary: Several security issues were fixed in QEMU. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. (CVE-2015-5154) Zhu Donghai discovered that QEMU incorrectly handled the SCSI driver. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. This issue only affected Ubuntu 15.04. (CVE-2015-5158) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: qemu-system 1:2.2+dfsg-5expubuntu9.3 qemu-system-aarch64 1:2.2+dfsg-5expubuntu9.3 qemu-system-arm 1:2.2+dfsg-5expubuntu9.3 qemu-system-mips 1:2.2+dfsg-5expubuntu9.3 qemu-system-misc 1:2.2+dfsg-5expubuntu9.3 qemu-system-ppc 1:2.2+dfsg-5expubuntu9.3 qemu-system-sparc 1:2.2+dfsg-5expubuntu9.3 qemu-system-x86 1:2.2+dfsg-5expubuntu9.3 Ubuntu 14.04 LTS: qemu-system 2.0.0+dfsg-2ubuntu1.15 qemu-system-aarch64 2.0.0+dfsg-2ubuntu1.15 qemu-system-arm 2.0.0+dfsg-2ubuntu1.15 qemu-system-mips 2.0.0+dfsg-2ubuntu1.15 qemu-system-misc 2.0.0+dfsg-2ubuntu1.15 qemu-system-ppc 2.0.0+dfsg-2ubuntu1.15 qemu-system-sparc 2.0.0+dfsg-2ubuntu1.15 qemu-system-x86 2.0.0+dfsg-2ubuntu1.15 After a standard system update you need to restart all QEMU virtual machines to make all the necessary changes. CVE-2015-5165 Donghai Zhu discovered that the QEMU model of the RTL8139 network card did not sufficiently validate inputs in the C+ mode offload emulation, allowing a malicious guest to read uninitialized memory from the QEMU process's heap. CVE-2015-5225 Mr Qinghao Tang from QIHU 360 Inc. For the oldstable distribution (wheezy), these problems have been fixed in version 1.1.2+dfsg-6a+deb7u9. The oldstable distribution is only affected by CVE-2015-5165 and CVE-2015-5745. For the stable distribution (jessie), these problems have been fixed in version 1:2.1+dfsg-12+deb8u2. For the unstable distribution (sid), these problems have been fixed in version 1:2.4+dfsg-1a. We recommend that you upgrade your qemu packages. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 201510-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: Normal Title: QEMU: Arbitrary code execution Date: October 31, 2015 Bugs: #551752, #555680, #556050, #556052 ID: 201510-02 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== A heap-based buffer overflow in QEMU could result in execution of arbitrary code. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 app-emulation/qemu < 2.3.0-r4 >= 2.3.0-r4 Description =========== Heap-based buffer overflow has been found in QEMU's PCNET controller. Workaround ========== There is no known workaround at this time. Resolution ========== All QEMU users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-emulation/qemu-2.3.0-r4" References ========== [ 1 ] CVE-2015-3209 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3209 [ 2 ] CVE-2015-3214 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-3214 [ 3 ] CVE-2015-5154 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5154 [ 4 ] CVE-2015-5158 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2015-5158 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/201510-02 Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ======= Copyright 2015 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5

Trust: 2.61

sources: NVD: CVE-2015-3214 // JVNDB: JVNDB-2015-004512 // BID: 75273 // VULHUB: VHN-81175 // VULMON: CVE-2015-3214 // PACKETSTORM: 132839 // PACKETSTORM: 132859 // PACKETSTORM: 132838 // PACKETSTORM: 132855 // PACKETSTORM: 133422 // PACKETSTORM: 134165

AFFECTED PRODUCTS

vendor:	debian	model:	linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	arista	model:	eos	scope:	eq	version:	4.15	Trust: 1.0
vendor:	redhat	model:	enterprise linux compute node eus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux server from rhui	scope:	eq	version:	7.0	Trust: 1.0
vendor:	linux	model:	kernel	scope:	lte	version:	2.6.32	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power big endian eus	scope:	eq	version:	7.7_ppc64	Trust: 1.0
vendor:	qemu	model:	qemu	scope:	lte	version:	2.3.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power big endian eus	scope:	eq	version:	7.2_ppc64	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power big endian eus	scope:	eq	version:	7.3_ppc64	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	7.0	Trust: 1.0
vendor:	lenovo	model:	emc px12-400r ivx	scope:	lt	version:	1.0.10.33264	Trust: 1.0
vendor:	redhat	model:	enterprise linux compute node eus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server update services for sap solutions	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	virtualization	scope:	eq	version:	3.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux compute node eus	scope:	eq	version:	7.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux compute node eus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server update services for sap solutions	scope:	eq	version:	7.2	Trust: 1.0
vendor:	lenovo	model:	emc px12-450r ivx	scope:	lt	version:	1.0.10.33264	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	redhat	model:	openstack	scope:	eq	version:	6.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power big endian eus	scope:	eq	version:	7.4_ppc64	Trust: 1.0
vendor:	redhat	model:	enterprise linux server update services for sap solutions	scope:	eq	version:	7.7	Trust: 1.0
vendor:	redhat	model:	openstack	scope:	eq	version:	5.0	Trust: 1.0
vendor:	arista	model:	eos	scope:	eq	version:	4.12	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	arista	model:	eos	scope:	eq	version:	4.13	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power big endian	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power big endian eus	scope:	eq	version:	7.6_ppc64	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power big endian eus	scope:	eq	version:	7.5_ppc64	Trust: 1.0
vendor:	redhat	model:	enterprise linux server update services for sap solutions	scope:	eq	version:	7.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux compute node eus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux for scientific computing	scope:	eq	version:	7.0	Trust: 1.0
vendor:	arista	model:	eos	scope:	eq	version:	4.14	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.5	Trust: 1.0
vendor:	redhat	model:	enterprise linux compute node eus	scope:	eq	version:	7.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server eus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux server update services for sap solutions	scope:	eq	version:	7.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux compute node eus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power big endian eus	scope:	eq	version:	7.1_ppc64	Trust: 1.0
vendor:	fabrice bellard	model:	qemu	scope:	lt	version:	2.3.1	Trust: 0.8
vendor:	linux	model:	kernel	scope:	lt	version:	2.6.33	Trust: 0.8
vendor:	linux	model:	kernel	scope:	eq	version:	2.6.32	Trust: 0.6
vendor:	ubuntu	model:	linux	scope:	eq	version:	15.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts	scope:	eq	version:	14.04	Trust: 0.3
vendor:	redhat	model:	enterprise virtualization hypervisor	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux hpc node	scope:	eq	version:	7	Trust: 0.3
vendor:	redhat	model:	enterprise linux desktop	scope:	eq	version:	7	Trust: 0.3
vendor:	qemu	model:	qemu	scope:	eq	version:	0	Trust: 0.3
vendor:	oracle	model:	enterprise linux	scope:	eq	version:	7	Trust: 0.3
vendor:	ibm	model:	powerkvm	scope:	eq	version:	2.1	Trust: 0.3
vendor:	gentoo	model:	linux	scope:	-	version:	-	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	7	Trust: 0.3
vendor:	ibm	model:	powerkvm build	scope:	ne	version:	2.1.158	Trust: 0.3

sources: BID: 75273 // JVNDB: JVNDB-2015-004512 // CNNVD: CNNVD-201506-371 // NVD: CVE-2015-3214

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-3214
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2015-3214
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201506-371
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-81175
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-3214
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-3214
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-81175
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-81175 // VULMON: CVE-2015-3214 // JVNDB: JVNDB-2015-004512 // CNNVD: CNNVD-201506-371 // NVD: CVE-2015-3214

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-81175 // JVNDB: JVNDB-2015-004512 // NVD: CVE-2015-3214

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201506-371

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201506-371

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-004512

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-81175 // VULMON: CVE-2015-3214

PATCH

title:	KVM: PIT: control word is write-only	url:	https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924	Trust: 0.8
title:	Linux Kernel Archives	url:	http://www.kernel.org	Trust: 0.8
title:	KVM: PIT: control word is write-only	url:	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924	Trust: 0.8
title:	Main Page	url:	http://wiki.qemu.org/Main_Page	Trust: 0.8
title:	Bug 1229640	url:	https://bugzilla.redhat.com/show_bug.cgi?id=1229640	Trust: 0.8
title:	Linux kernel and QEMU‘pit_ioport_read()’ Fixes for function buffer error vulnerabilities	url:	http://123.124.177.30/web/xxk/bdxqById.tag?id=179689	Trust: 0.6
title:	Ubuntu Security Notice: qemu vulnerabilities	url:	https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-2692-1	Trust: 0.1
title:	Red Hat: CVE-2015-3214	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2015-3214	Trust: 0.1
title:	Debian Security Advisories: DSA-3348-1 qemu -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=e77a95c04be0a28f98566f006db46f03	Trust: 0.1
title:	Debian CVElist Bug Report Logs: qemu: CVE-2015-5225: ui: vnc: heap memory corruption in vnc_refresh_server_surface	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=d315b3f2df801c1586a4d3ea5f0ef1c4	Trust: 0.1
title:	Debian CVElist Bug Report Logs: qemu: CVE-2015-5158: scsi stack buffer overflow	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=2bc68b0a8f94995d352f509d204ba98b	Trust: 0.1
title:	Debian CVElist Bug Report Logs: qemu: CVE-2015-5166: Use after free in QEMU/Xen block unplug protocol	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=78f6b481a815feb050c6fe696b774caa	Trust: 0.1
title:	Debian CVElist Bug Report Logs: qemu: CVE-2015-3214: i8254: out-of-bounds memory access in pit_ioport_read function	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=3e5707b2974af878892901fb1518c885	Trust: 0.1
title:	Debian CVElist Bug Report Logs: qemu: CVE-2015-5745: buffer overflow in virtio-serial	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=b661eddefc5e1edaa146807f1a72ab9d	Trust: 0.1
title:	Debian CVElist Bug Report Logs: qemu: CVE-2015-5154: ide: atapi: heap overflow during I/O buffer memory access	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=ac31639f0a78082f2e78528ea7e0203f	Trust: 0.1
title:	Debian CVElist Bug Report Logs: qemu: CVE-2015-5165: rtl8139 uninitialized heap memory information leakage to guest	url:	https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=0e14e001f6f939c9dca39f2c06ec9285	Trust: 0.1
title:	cve_diff_checker	url:	https://github.com/lcatro/cve_diff_checker	Trust: 0.1
title:	CVE-Study	url:	https://github.com/thdusdl1219/CVE-Study	Trust: 0.1

sources: VULMON: CVE-2015-3214 // JVNDB: JVNDB-2015-004512 // CNNVD: CNNVD-201506-371

EXTERNAL IDS

db:	NVD	id:	CVE-2015-3214	Trust: 3.5
db:	BID	id:	75273	Trust: 2.1
db:	SECTRACK	id:	1032598	Trust: 1.8
db:	EXPLOIT-DB	id:	37990	Trust: 1.8
db:	OPENWALL	id:	OSS-SECURITY/2015/06/25/7	Trust: 1.8
db:	JVNDB	id:	JVNDB-2015-004512	Trust: 0.8
db:	CNNVD	id:	CNNVD-201506-371	Trust: 0.7
db:	PACKETSTORM	id:	133422	Trust: 0.2
db:	PACKETSTORM	id:	132859	Trust: 0.2
db:	PACKETSTORM	id:	132855	Trust: 0.2
db:	PACKETSTORM	id:	132838	Trust: 0.2
db:	PACKETSTORM	id:	132839	Trust: 0.2
db:	VULHUB	id:	VHN-81175	Trust: 0.1
db:	VULMON	id:	CVE-2015-3214	Trust: 0.1
db:	PACKETSTORM	id:	134165	Trust: 0.1

sources: VULHUB: VHN-81175 // VULMON: CVE-2015-3214 // BID: 75273 // JVNDB: JVNDB-2015-004512 // PACKETSTORM: 132839 // PACKETSTORM: 132859 // PACKETSTORM: 132838 // PACKETSTORM: 132855 // PACKETSTORM: 133422 // PACKETSTORM: 134165 // CNNVD: CNNVD-201506-371 // NVD: CVE-2015-3214

REFERENCES

url:	https://www.exploit-db.com/exploits/37990/	Trust: 1.9
url:	http://www.securityfocus.com/bid/75273	Trust: 1.9
url:	https://security.gentoo.org/glsa/201510-02	Trust: 1.9
url:	http://rhn.redhat.com/errata/rhsa-2015-1507.html	Trust: 1.9
url:	http://rhn.redhat.com/errata/rhsa-2015-1508.html	Trust: 1.9
url:	http://rhn.redhat.com/errata/rhsa-2015-1512.html	Trust: 1.9
url:	http://www.securitytracker.com/id/1032598	Trust: 1.8
url:	http://www.debian.org/security/2015/dsa-3348	Trust: 1.8
url:	http://www.openwall.com/lists/oss-security/2015/06/25/7	Trust: 1.8
url:	https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html	Trust: 1.8
url:	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924	Trust: 1.8
url:	http://mirror.linux.org.au/linux/kernel/v2.6/changelog-2.6.33	Trust: 1.8
url:	https://bugzilla.redhat.com/show_bug.cgi?id=1229640	Trust: 1.8
url:	https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924	Trust: 1.8
url:	https://support.lenovo.com/product_security/qemu	Trust: 1.8
url:	https://support.lenovo.com/us/en/product_security/qemu	Trust: 1.8
url:	https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13	Trust: 1.8
url:	https://access.redhat.com/security/cve/cve-2015-3214	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-3214	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2015-3214	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5154	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3214	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:1507	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:1508	Trust: 0.6
url:	https://www.mail-archive.com/qemu-devel@nongnu.org/msg304138.html	Trust: 0.6
url:	https://access.redhat.com/errata/rhsa-2015:1512	Trust: 0.6
url:	http://wiki.qemu.org/main_page	Trust: 0.3
url:	https://www.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.3
url:	https://bugzilla.redhat.com/):	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://access.redhat.com/security/cve/cve-2015-5154	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/contact/	Trust: 0.3
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5158	Trust: 0.2
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://usn.ubuntu.com/2692-1/	Trust: 0.1
url:	http://www.ubuntu.com/usn/usn-2692-1	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/qemu/1:2.2+dfsg-5expubuntu9.3	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/qemu/2.0.0+dfsg-2ubuntu1.15	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5745	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5225	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-5165	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3214	Trust: 0.1
url:	http://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5154	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2015-3209	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-5158	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	http://nvd.nist.gov/nvd.cfm?cvename=cve-2015-3209	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1

CREDITS

Matt Tait of Google's Project Zero.

Trust: 0.9

sources: BID: 75273 // CNNVD: CNNVD-201506-371

SOURCES

db:	VULHUB	id:	VHN-81175
db:	VULMON	id:	CVE-2015-3214
db:	BID	id:	75273
db:	JVNDB	id:	JVNDB-2015-004512
db:	PACKETSTORM	id:	132839
db:	PACKETSTORM	id:	132859
db:	PACKETSTORM	id:	132838
db:	PACKETSTORM	id:	132855
db:	PACKETSTORM	id:	133422
db:	PACKETSTORM	id:	134165
db:	CNNVD	id:	CNNVD-201506-371
db:	NVD	id:	CVE-2015-3214

LAST UPDATE DATE

2024-08-14T13:11:47.612000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-81175	date:	2023-02-13T00:00:00
db:	VULMON	id:	CVE-2015-3214	date:	2023-02-13T00:00:00
db:	BID	id:	75273	date:	2015-12-08T22:03:00
db:	JVNDB	id:	JVNDB-2015-004512	date:	2015-09-01T00:00:00
db:	CNNVD	id:	CNNVD-201506-371	date:	2023-04-10T00:00:00
db:	NVD	id:	CVE-2015-3214	date:	2023-02-13T00:48:24.553

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-81175	date:	2015-08-31T00:00:00
db:	VULMON	id:	CVE-2015-3214	date:	2015-08-31T00:00:00
db:	BID	id:	75273	date:	2015-06-17T00:00:00
db:	JVNDB	id:	JVNDB-2015-004512	date:	2015-09-01T00:00:00
db:	PACKETSTORM	id:	132839	date:	2015-07-27T15:37:06
db:	PACKETSTORM	id:	132859	date:	2015-07-29T01:13:01
db:	PACKETSTORM	id:	132838	date:	2015-07-27T15:36:52
db:	PACKETSTORM	id:	132855	date:	2015-07-29T00:57:08
db:	PACKETSTORM	id:	133422	date:	2015-09-03T22:28:25
db:	PACKETSTORM	id:	134165	date:	2015-11-02T16:49:11
db:	CNNVD	id:	CNNVD-201506-371	date:	2015-06-23T00:00:00
db:	NVD	id:	CVE-2015-3214	date:	2015-08-31T10:59:07.580