Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 556052 (CVE-2015-3214) - <app-emulation/qemu-2.3.0-r4: i8254: out-of-bounds memory access in pit_ioport_read function (CVE-2015-3214)
Summary: <app-emulation/qemu-2.3.0-r4: i8254: out-of-bounds memory access in pit_iopor...
Alias: CVE-2015-3214
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
Whiteboard: B2 [glsa cve]
Depends on:
Blocks: CVE-2015-5158 556050
  Show dependency tree
Reported: 2015-07-27 15:09 UTC by Agostino Sarubbo
Modified: 2015-10-31 15:07 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2015-07-27 15:09:21 UTC
From ${URL} :

Due converting PIO to the new memory read/write api we no longer provide
separate I/O region lenghts for read and write operations. As a result,
reading from PIT Mode/Command register will end with accessing
pit->channels with invalid index and potentially cause memory corruption and/or
minor information leak.

A privileged guest user in a guest with QEMU PIT emulation enabled could
potentially (tough unlikely) use this flaw to execute arbitrary code on the
host with the privileges of the hosting QEMU process. (QEMU part of the vulnerability)

A privileged guest user in a guest could potentially (tough unlikely) use this flaw to execute 
arbitrary code on the host. (KVM part of the vulnerability)

Upstream commits:



@maintainer(s): after the bump, in case we need to stabilize the package, please let us know if it is ready for the stabilization or not.
Comment 1 Doug Goldstein (RETIRED) gentoo-dev 2015-07-27 19:31:26 UTC
addressed in qemu-2.3.0-r4.
Comment 2 Agostino Sarubbo gentoo-dev 2015-07-28 15:04:38 UTC
amd64 stable
Comment 3 Agostino Sarubbo gentoo-dev 2015-07-28 15:05:03 UTC
x86 stable.

Maintainer(s), please cleanup.
Security, please add it to the existing request, or file a new one.
Comment 4 Yury German Gentoo Infrastructure gentoo-dev 2015-08-09 02:48:20 UTC
Arches and Maintainer(s), Thank you for your work.

Added to an existing GLSA Request.
Comment 5 GLSAMaker/CVETool Bot gentoo-dev 2015-10-31 15:07:14 UTC
This issue was resolved and addressed in
 GLSA 201510-02 at
by GLSA coordinator Kristian Fiskerstrand (K_F).