CVE-2015-3214
qemu - security update
EPSS 1.6%
Description
The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU before 2.3.1 does not distinguish between read lengths and write lengths, which might allow guest OS users to execute arbitrary code on the host OS by triggering use of an invalid index.
How to fix CVE-2015-3214
To remediate CVE-2015-3214, upgrade the affected package to a fixed version below.
- Debian/qemu—upgrade to 1:2.4+dfsg-1a or later
- Debian/qemu—upgrade to 1:2.1+dfsg-12+deb8u2 or later
- Debian/xen—upgrade to 4.4.0-1 or later
Is CVE-2015-3214 being exploited?
Low — EPSS is 1.6%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- from 0, < 1:2.4+dfsg-1a
- from 0, < 1:2.1+dfsg-12+deb8u2
- from 0, < 4.4.0-1