Lucene search

K
cveMitreCVE-2015-2666
HistoryMay 27, 2015 - 10:59 a.m.

CVE-2015-2666

2015-05-2710:59:04
CWE-119
mitre
web.nvd.nist.gov
106
cve
2015
2666
buffer overflow
linux kernel
security vulnerability
privilege escalation

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

30.2%

Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.

Affected configurations

Nvd
Node
linuxlinux_kernelRange3.93.10.83
OR
linuxlinux_kernelRange3.113.12.40
OR
linuxlinux_kernelRange3.133.14.47
OR
linuxlinux_kernelRange3.153.16.35
OR
linuxlinux_kernelRange3.173.18.19
Node
fedoraprojectfedoraMatch21

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

30.2%