PublicDateAtUSN: 2015-06-17
Candidate: CVE-2015-3214
PublicDate: 2015-08-31 10:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3214
 https://www.mail-archive.com/qemu-devel@nongnu.org/msg304063.html
 https://ubuntu.com/security/notices/USN-2692-1
Description:
 The pit_ioport_read in i8254.c in the Linux kernel before 2.6.33 and QEMU
 before 2.3.1 does not distinguish between read lengths and write lengths,
 which might allow guest OS users to execute arbitrary code on the host OS
 by triggering use of an invalid index.
Ubuntu-Description:
Notes:
 sbeattie> introduced in 0505bcdec8228d8de39ab1a02644e71999e7c05, 1.3.0 first version
Bugs:
Priority: low
Discovered-by: Matt Tait
Assigned-to: mdeslaur
CVSS:

Patches_qemu-kvm:
upstream_qemu-kvm: needs-triage
precise_qemu-kvm: not-affected (pre 1.3.0)
trusty_qemu-kvm: DNE
trusty/esm_qemu-kvm: DNE
utopic_qemu-kvm: DNE
vivid_qemu-kvm: DNE
devel_qemu-kvm: DNE

Patches_qemu:
 upstream: http://git.qemu.org/?p=qemu.git;a=commitdiff;h=d4862a87e31a51de9eb260f25c9e99a75efe3235
upstream_qemu: needs-triage
precise_qemu: DNE
trusty_qemu: released (2.0.0+dfsg-2ubuntu1.15)
trusty/esm_qemu: released (2.0.0+dfsg-2ubuntu1.15)
utopic_qemu: ignored (reached end-of-life)
vivid_qemu: released (1:2.2+dfsg-5expubuntu9.3)
devel_qemu: released (1:2.3+dfsg-5ubuntu3)