CVE-2015-3214
CVE-2015-3214
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
Productos afectados
n/a · n/aPoCs públicas encontradas — 2
cve_referencewww.exploit-db.com/exploits/37990/no verificadoexploitdbwww.exploit-db.com/exploits/37990no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
¿Quieres saber si tu infraestructura está expuesta a esto?
Hablar con TrueHacking →Referencias
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33http://rhn.redhat.com/errata/RHSA-2015-1507.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1508.htmlhttp://rhn.redhat.com/errata/RHSA-2015-1512.htmlhttps://bugzilla.redhat.com/show_bug.cgi?id=1229640https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924https://security.gentoo.org/glsa/201510-02https://support.lenovo.com/product_security/qemuhttps://support.lenovo.com/us/en/product_security/qemuhttps://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13https://www.exploit-db.com/exploits/37990/