Description
The pit_ioport_read function in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Google Security Research · text · dos · multiple
https://www.exploit-db.com/exploits/37990
References (17)
Core References
Mailing List mailing-list
x_refsource_mlist
https://www.mail-archive.com/qemu-devel%40nongnu.org/msg304138.html
Third Party Advisory x_refsource_confirm
https://support.lenovo.com/product_security/qemu
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1229640
Third Party Advisory x_refsource_confirm
https://support.lenovo.com/us/en/product_security/qemu
Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/37990/
Issue Tracking, Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201510-02
Patch, Third Party Advisory x_refsource_confirm
https://github.com/torvalds/linux/commit/ee73f656a604d5aa9df86a97102e4e462dd79924
Issue Tracking, Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2015/dsa-3348
Issue Tracking, Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1508.html
Issue Tracking, Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1507.html
Broken Link, Vendor Advisory x_refsource_confirm
http://mirror.linux.org.au/linux/kernel/v2.6/ChangeLog-2.6.33
Patch, Vendor Advisory x_refsource_confirm
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ee73f656a604d5aa9df86a97102e4e462dd79924
Third Party Advisory vendor-advisory
x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1512.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1032598
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/75273
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/06/25/7
Third Party Advisory x_refsource_misc
https://www.arista.com/en/support/advisories-notices/security-advisories/1180-security-advisory-13
Scores
EPSS
0.0159
EPSS Percentile
81.8%
Details
CWE
CWE-119
Status
published
Products (50)
arista/eos
4.12
arista/eos
4.13
arista/eos
4.14
arista/eos
4.15
debian/debian_linux
7.0
debian/debian_linux
8.0
lenovo/emc_px12-400r_ivx
< 1.0.10.33264
lenovo/emc_px12-450r_ivx
< 1.0.10.33264
linux/linux_kernel
< 2.6.32
qemu/qemu
< 2.3.0
... and 40 more
Published
Aug 31, 2015
Tracked Since
Feb 18, 2026