CVE-2015-2666

CVSS v2.0 6.9 (Medium)

EPSS 0.07 % (31^th)

Affected Products 2

Advisories 19

Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.

Weaknesses

CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

CVE Status: PUBLISHED
CNA: MITRE
Published Date: 2015-05-27 10:59:04
(9 years ago)
Updated Date: 2024-03-14 19:59:23
(6 months ago)

Affected Products

Fedoraproject

Fedora

Linux

Linux Kernel

Configuration #1

	CPE23	From	Up To
Linux Kernel from 3.9 version and prior 3.10.83 version	cpe:2.3:o:linux:linux_kernel	>= 3.9	< 3.10.83
Linux Kernel from 3.11 version and prior 3.12.40 version	cpe:2.3:o:linux:linux_kernel	>= 3.11	< 3.12.40
Linux Kernel from 3.13 version and prior 3.14.47 version	cpe:2.3:o:linux:linux_kernel	>= 3.13	< 3.14.47
Linux Kernel from 3.15 version and prior 3.16.35 version	cpe:2.3:o:linux:linux_kernel	>= 3.15	< 3.16.35
Linux Kernel from 3.17 version and prior 3.18.19 version	cpe:2.3:o:linux:linux_kernel	>= 3.17	< 3.18.19

Configuration #2

		CPE23	From	Up To
	Fedoraproject Fedora 21	cpe:2.3:o:fedoraproject:fedora:21