Bug 902673 (CVE-2014-8480) - VUL-0: CVE-2014-8480: kvm: Linux 3.17 guest-triggerable KVM OOPS
Summary: VUL-0: CVE-2014-8480: kvm: Linux 3.17 guest-triggerable KVM OOPS
Status: RESOLVED UPSTREAM
Alias: CVE-2014-8480
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other Other
: P3 - Medium : Normal
Target Milestone: ---
Assignee: Bruce Rogers
QA Contact: Security Team bot
URL: https://smash.suse.de/issue/110146/
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2014-10-27 09:16 UTC by Sebastian Krahmer
Modified: 2017-03-01 12:45 UTC (History)
5 users (show)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sebastian Krahmer 2014-10-27 09:16:44 UTC 
OSS:2014/Q4/430



References:
http://seclists.org/oss-sec/2014/q4/430
Comment 1 Sebastian Krahmer 2014-10-27 09:18:45 UTC 
Please note that the initial fix for CVE-2014-8480 is incomplete
and was assigned a new 2014-8481.

By using the correct fix for CVE-2014-8480, we can avoid the new CVE.
Comment 2 Swamp Workflow Management 2014-10-27 23:00:23 UTC 
bugbot adjusting priority
Comment 3 Michal Marek 2014-11-10 10:12:48 UTC 
The upstream commits are 3f6f1480 (KVM: x86: PREFETCH and HINT_NOP should have SrcMem flag) and a430c916 (KVM: emulate: avoid accessing NULL ctxt->memopp).
Comment 4 Bruce Rogers 2014-12-12 22:57:00 UTC 
No fixes needed here for SLE 11 SP3 or SLE 12.
Comment 5 Victor Pereira 2015-03-18 15:11:00 UTC 
is the codestream SLE-11-SP1 affected?
Comment 6 Bruce Rogers 2015-03-19 21:25:11 UTC 
(In reply to Victor Pereira from comment #5)
> is the codestream SLE-11-SP1 affected?

No, it is not - the affected instructions were not emulated, nor did the bad code exist in the SLE-11-SP1 kernel.
Comment 7 Marcus Meissner 2017-03-01 12:45:33 UTC 
I think this means we are done