Metric | Value
---|---
CVSS2 | 6.9 Medium
Access Vector | LOCAL
Access Complexity | MEDIUM
Authentication | NONE
Confidentiality Impact | COMPLETE
Integrity Impact | COMPLETE
Availability Impact | COMPLETE
CVSS2 Vector | AV:L/AC:M/Au:N/C:C/I:C/A:C
EPSS | 0.001 Low
EPSS Percentile | 37.5%
Lenovo Security Advisory: LEN-2015-075

**Potential Impact:** Escalation of Privileges

Severity: High
Summary:
A vulnerability was reported in QEMU where a local user on the guest system could potentially obtain elevated privileges on the target host system. This vulnerability was reported to Red Hat and has been assigned CVE-2015-3214.
Description:
QEMU is a generic, open source machine emulator and virtualizer. It is used as a foundation and hardware emulation layer for running virtual machines under the Xen and KVM/QEMU hypervisors.
A local privileged user on a guest system that has the QEMU programmable interval timer (PIT) enabled can issue a specially crafted read request to the PIT Mode/Command register to obtain potentially sensitive information, or to cause memory corruption and execute arbitrary code on the target host system.
This vulnerability affects certain LenovoEMC px12 products and has been fixed in code version 1.0.10.33264 and above.
Mitigation Strategy for Customers (what you should do to protect yourself):
Update your product to the latest levels using the steps below:
Product Impact:
Please apply the latest versions of the following software updates:
Product Affected | Fix Version | Update Instructions | Software Fix Location
---|---|---|---
LenovoEMC px12-400r IVX application | Version 1.0.10.33264 and later | See <http://download.lenovo.com/nasupdate/help/lifeline/4.1a/px12-400r/en_US/Content/software_update.html> for instructions on updating to the latest software version | http://lifelineapps.com/?user_lang=en&device=px12450r&version=&category=&sort=1&redirect_url=
LenovoEMC px12-450r IVX application | Version 1.0.10.33264 and later | See <http://download.lenovo.com/nasupdate/help/lifeline/4.1a/px12-450r/en_US/Content/software_update.html> for instructions on updating to the latest software version | http://lifelineapps.com/?user_lang=en&device=px12450r&version=&category=&sort=1&redirect_url=
Other information and references:
Revision History:
Revision | Date | Description
---|---|---
1.0 | **21 Jul 2015** | **Initial release**