Stack-based Buffer Overflow in Linux Kernel Allows Privilege Escalation via Crafted Microcode Header

Stack-based Buffer Overflow in Linux Kernel Allows Privilege Escalation via Crafted Microcode Header

CVE-2015-2666 · MEDIUM Severity

AV:L/AC:M/AU:N/C:C/I:C/A:C

Stack-based buffer overflow in the get_matching_model_microcode function in arch/x86/kernel/cpu/microcode/intel_early.c in the Linux kernel before 4.0 allows context-dependent attackers to gain privileges by constructing a crafted microcode header and leveraging root privileges for write access to the initrd.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.