CVE-2015-2666
kernel: execution in the early microcode loader
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.
Desbordamiento de buffer basado en pila en la función get_matching_model_microcode en arch/x86/kernel/cpu/microcode/intel_early.c en el kernel de Linux anterior a 4.0 permite a atacantes dependientes de contexto ganar privilegios mediante la construcción de una cabecera de microcódigo manipulada y el aprovechamiento de privilegios root para acceso de escritura al initrd.
A stack-based buffer overflow flaw was found in the Linux kernel's early load microcode functionality. On a system with UEFI Secure Boot enabled, a local, privileged user could use this flaw to increase their privileges to the kernel (ring0) level, bypassing intended restrictions in place.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2015-03-20 CVE Reserved
- 2015-04-30 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (8)
| URL | Tag | Source |
|---|---|---|
| http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 | Broken Link | |
| http://www.openwall.com/lists/oss-security/2015/03/20/18 | Mailing List |
|
| http://www.securitytracker.com/id/1032414 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://github.com/torvalds/linux/commit/f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4 | 2024-03-14 |
| URL | Date | SRC |
|---|---|---|
| http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153329.html | 2024-03-14 | |
| http://rhn.redhat.com/errata/RHSA-2015-1534.html | 2024-03-14 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1204722 | 2015-08-05 | |
| https://access.redhat.com/security/cve/CVE-2015-2666 | 2015-08-05 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.9 < 3.10.83 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.9 < 3.10.83" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.11 < 3.12.40 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.11 < 3.12.40" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.13 < 3.14.47 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.13 < 3.14.47" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.15 < 3.16.35 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.15 < 3.16.35" | - |
Affected
| ||||||
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.17 < 3.18.19 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.17 < 3.18.19" | - |
Affected
| ||||||
| Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 21 Search vendor "Fedoraproject" for product "Fedora" and version "21" | - |
Affected
| ||||||