Lucene search

K
ubuntucveUbuntu.comUB:CVE-2015-2666
HistoryMar 25, 2015 - 12:00 a.m.

CVE-2015-2666

2015-03-2500:00:00
ubuntu.com
ubuntu.com
15

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

30.2%

Stack-based buffer overflow in the get_matching_model_microcode function in
arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0
allows context-dependent attackers to gain privileges by constructing a
crafted microcode header and leveraging root privileges for write access to
the initrd.

Bugs

Notes

Author Note
jdstrand android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support
sbeattie introduced in https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ec400ddeff200b068ddc6c70f7321f49ecf32ed5 (v3.9-rc1)
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchlinux< 3.13.0-51.84UNKNOWN
ubuntu14.10noarchlinux< 3.16.0-36.48UNKNOWN
ubuntu12.04noarchlinux-lts-trusty< 3.13.0-51.84~precise1UNKNOWN
ubuntu14.04noarchlinux-lts-utopic< 3.16.0-36.48~14.04.1UNKNOWN

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.001

Percentile

30.2%