What is the severity of CVE-2015-2666?

CVE-2015-2666 is classified as a high-severity vulnerability due to its potential for local privilege escalation.

How do I fix CVE-2015-2666?

To fix CVE-2015-2666, update the Linux kernel to a version that is not affected, such as 5.10.223-1 or later.

Which versions of the Linux kernel are affected by CVE-2015-2666?

CVE-2015-2666 affects Linux kernel versions between 3.9 to 3.19.8, including several specific versions in that range.

Can CVE-2015-2666 be exploited on systems with UEFI Secure Boot enabled?

Yes, CVE-2015-2666 can be exploited by a local root user on systems with UEFI Secure Boot enabled to escalate privileges.

What is the impact of CVE-2015-2666?

The impact of CVE-2015-2666 is that it allows a local attacker to gain kernel-level privileges, potentially leading to a full system compromise.

Vulnerability/
CVE-2015-2666

medium

6.9

CWE

119

23/3/2015

27/5/2015

21/11/2024

CVE-2015-2666: Buffer Overflow

First published: Mon Mar 23 2015(Updated: )

It was found that the Linux kernel's Intel early microcode loader was vulnerable to a stack overflow. On a UEFI Secure Boot enabled system, a local root user could use this flaw to increase their privileges to the kernel (ring0) level despite the additional restrictions in place. Upstream fix: <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4">https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit?id=f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4</a>

Credit: cve@mitre.org cve@mitre.org cve@mitre.org

Affected Software	Affected Version	How to fix
Linux kernel	>=3.9<3.10.83
Linux kernel	>=3.11<3.12.40
Linux kernel	>=3.13<3.14.47
Linux kernel	>=3.15<3.16.35
Linux kernel	>=3.17<3.18.19
Fedora	=21
Linux Kernel	<=3.19.8
debian/linux		5.10.223-1 5.10.234-1 6.1.123-1 6.1.128-1 6.12.12-1 6.12.17-1

Remedy

https://github.com/torvalds/linux/commit/f84598bd7c851f8b0bf8cd0d7c3be0d73c432ff4

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2015-2666?
CVE-2015-2666 is classified as a high-severity vulnerability due to its potential for local privilege escalation.
How do I fix CVE-2015-2666?
To fix CVE-2015-2666, update the Linux kernel to a version that is not affected, such as 5.10.223-1 or later.
Which versions of the Linux kernel are affected by CVE-2015-2666?
CVE-2015-2666 affects Linux kernel versions between 3.9 to 3.19.8, including several specific versions in that range.
Can CVE-2015-2666 be exploited on systems with UEFI Secure Boot enabled?
Yes, CVE-2015-2666 can be exploited by a local root user on systems with UEFI Secure Boot enabled to escalate privileges.
What is the impact of CVE-2015-2666?
The impact of CVE-2015-2666 is that it allows a local attacker to gain kernel-level privileges, potentially leading to a full system compromise.

agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2015-2666
agent/severity
agent/weakness
agent/author
collector/mitre-cve
source/MITRE
collector/usn-cve
source/Ubuntu
agent/remedy
agent/references
agent/description
agent/last-modified-date
agent/trending
agent/source
agent/event
agent/tags
agent/softwarecombine
collector/security-tracker-debian
source/Debian
collector/nvd-api
source/NVD
agent/software-canonical-lookup
agent/software-canonical-lookup-request
collector/nvd-cve
collector/nvd-index
package-manager/debian
vendor/linux
canonical/linux kernel
version/linux kernel/3.9
version/linux kernel/3.11
version/linux kernel/3.13
version/linux kernel/3.15
version/linux kernel/3.17
vendor/fedoraproject
canonical/fedora
version/fedora/21
version/linux kernel/3.19.8