DEBIAN-CVE-2015-3214

DEBIAN-CVE-2015-3214 PUBLISHED CVSS 9.300000190734863 CRITICAL

The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.

Risk Scores

CVSS 4.0

9.300000190734863

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Affected Products

Vendor	Product	Versions
Debian:13	xen	0, 0, 0
Debian:11	qemu	0, 0, 0
Debian:13	qemu	0, 0, 0
Debian:14	qemu	0, 0, 0
Debian:12	qemu	0, 0, 0
Debian:11	xen	0, 0, 0
Debian:12	xen	0, 0, 0
Debian:14	xen	0, 0, 0

Timeline

Aug 31, 2015 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2015-3214 advisory

Open in Interactive Console →