Lucene search

K
nvd[email protected]NVD:CVE-2015-2666
HistoryMay 27, 2015 - 10:59 a.m.

CVE-2015-2666

2015-05-2710:59:04
CWE-119
web.nvd.nist.gov
10

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

30.2%

Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.

Affected configurations

Nvd
Node
linuxlinux_kernelRange3.93.10.83
OR
linuxlinux_kernelRange3.113.12.40
OR
linuxlinux_kernelRange3.133.14.47
OR
linuxlinux_kernelRange3.153.16.35
OR
linuxlinux_kernelRange3.173.18.19
Node
fedoraprojectfedoraMatch21
VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
fedoraprojectfedora21cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

5.9

Confidence

High

EPSS

0.001

Percentile

30.2%