CVE-2015-2666 - OpenCVE

Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:L/AC:M/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Fedoraproject	Fedora

Configuration 1 [-]

OR	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:linux:linux_kernel::::::::

Configuration 2 [-]

cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

References

Link	Resource
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4	Broken Link
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153329.html	Third Party Advisory
http://rhn.redhat.com/errata/RHSA-2015-1534.html	Third Party Advisory
http://www.openwall.com/lists/oss-security/2015/03/20/18	Mailing List
http://www.securitytracker.com/id/1032414	Third Party Advisory VDB Entry
https://bugzilla.redhat.com/show_bug.cgi?id=1204722	Issue Tracking
https://github.com/torvalds/linux/commit/f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4	Patch

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2015-05-27T10:00:00

Updated: 2016-12-29T18:57:01

Reserved: 2015-03-20T00:00:00

Link: CVE-2015-2666

JSON object: View

NVD Information

Status : Analyzed

Published: 2015-05-27T10:59:04.813

Modified: 2024-03-14T19:59:23.823

Link: CVE-2015-2666

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2015-02-19T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-29T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "FEDORA-2015-4457", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153329.html"}, {"name": "1032414", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1032414"}, {"name": "[oss-security] 20150320 Re: CVE Request: Linux kernel execution in the early microcode loader.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2015/03/20/18"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4"}, {"name": "RHSA-2015:1534", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204722"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2015-2666", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "FEDORA-2015-4457", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153329.html"}, {"name": "1032414", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1032414"}, {"name": "[oss-security] 20150320 Re: CVE Request: Linux kernel execution in the early microcode loader.", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2015/03/20/18"}, {"name": "https://github.com/torvalds/linux/commit/f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4"}, {"name": "RHSA-2015:1534", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1204722", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204722"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2015-2666", "datePublished": "2015-05-27T10:00:00", "dateReserved": "2015-03-20T00:00:00", "dateUpdated": "2016-12-29T18:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "E2B0AD58-EA8D-45B5-8904-94271AEC93C8", "versionEndExcluding": "3.10.83", "versionStartIncluding": "3.9", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F50A53F-800B-4B6C-8D9F-15DF58421D96", "versionEndExcluding": "3.12.40", "versionStartIncluding": "3.11", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "4424F17D-6AD4-4FE9-A029-143963887D1A", "versionEndExcluding": "3.14.47", "versionStartIncluding": "3.13", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7DC4BA70-B111-4D2E-BC78-6601CED68F08", "versionEndExcluding": "3.16.35", "versionStartIncluding": "3.15", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "464FCF6E-7FDF-42F9-ABB8-EA4ADD37CD1E", "versionEndExcluding": "3.18.19", "versionStartIncluding": "3.17", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*", "matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd."}, {"lang": "es", "value": "Desbordamiento de buffer basado en pila en la funci\u00f3n get_matching_model_microcode en arch/x86/kernel/cpu/microcode/intel_early.c en el kernel de Linux anterior a 4.0 permite a atacantes dependientes de contexto ganar privilegios mediante la construcci\u00f3n de una cabecera de microc\u00f3digo manipulada y el aprovechamiento de privilegios root para acceso de escritura al initrd."}], "id": "CVE-2015-2666", "lastModified": "2024-03-14T19:59:23.823", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2015-05-27T10:59:04.813", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153329.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-1534.html"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2015/03/20/18"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1032414"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1204722"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}