Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2015-3214
Severity
6.9MEDIUM
EPSS
1.6%
top 18.34%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
Timeline
PublishedAug 31
Latest updateMay 13
Description
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
CVSS vector
AV:L/AC:M/C:C/I:C/A:CExploitability: 3.4 | Impact: 10.0
Affected Packages13 packages
Also affects: Debian Linux 7.0, 8.0, Enterprise Linux 7.0, 7.1_ppc64, 7.2_ppc64, 7.3_ppc64, 7.4_ppc64, 7.5_ppc64, 7.6_ppc64, 7.7_ppc64, 7.3, 7.4, 7.6, 7.7, 7.1, 7.2, 7.5