what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 6 of 6 RSS Feed

CVE-2015-3214

Status Candidate

Overview

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

Related Files

Gentoo Linux Security Advisory 201510-02
Posted Nov 2, 2015
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201510-2 - A heap-based buffer overflow in QEMU could result in execution of arbitrary code. Versions less than 2.3.0-r4 are affected.

tags | advisory, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2015-3209, CVE-2015-3214, CVE-2015-5154, CVE-2015-5158
SHA-256 | 947d9bf965c7d67dffe41ba0520fc50e4a6c74e1a0831f6018772274dde8386f
Debian Security Advisory 3348-1
Posted Sep 3, 2015
Authored by Debian | Site debian.org

Debian Linux Security Advisory 3348-1 - Several vulnerabilities were discovered in qemu, a fast processor emulator.

tags | advisory, vulnerability
systems | linux, debian
advisories | CVE-2015-3214, CVE-2015-5154, CVE-2015-5165, CVE-2015-5225, CVE-2015-5745
SHA-256 | d4caecd611d7206d6b576bd6b6ffb531a65be402acb6ce80027292d74d548c49
Red Hat Security Advisory 2015-1512-01
Posted Jul 29, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1512-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-3214, CVE-2015-5154
SHA-256 | 530e72ca2188050dcc033500673eaf1070ae047e520dfe654e66a7a68f67e08a
Ubuntu Security Notice USN-2692-1
Posted Jul 29, 2015
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 2692-1 - Matt Tait discovered that QEMU incorrectly handled PIT emulation. In a non-default configuration, a malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Kevin Wolf discovered that QEMU incorrectly handled processing ATAPI commands. A malicious guest could use this issue to cause a denial of service, or possibly execute arbitrary code on the host as the user running the QEMU process. In the default installation, when QEMU is used with libvirt, attackers would be isolated by the libvirt AppArmor profile. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2015-3214, CVE-2015-5154, CVE-2015-5158
SHA-256 | 3ce14f5f91a3957a62189bc98416489ca3815723c67a8c178b27bc6f07b581b9
Red Hat Security Advisory 2015-1508-01
Posted Jul 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1508-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-3214, CVE-2015-5154
SHA-256 | 00824dcce64f6db1345af18546421048f71ab7526a400efd8f3eb27dfb3700df
Red Hat Security Advisory 2015-1507-01
Posted Jul 27, 2015
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2015-1507-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.

tags | advisory, overflow, arbitrary
systems | linux, redhat
advisories | CVE-2015-3214, CVE-2015-5154
SHA-256 | ddef7cd95b5ec264096b359446cefb22c25ef8d746777a0c5f1cc22a1c3f642f
Page 1 of 1
Back1Next

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close