Bugzilla – Bug 994750
VUL-0: CVE-2014-8481: kernel-source: KVM: x86: Fixing clflush/hint_nop/prefetch
Last modified: 2016-09-06 21:04:45 UTC
via cve db https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8481

The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application that triggers (1) an improperly fetched instruction or (2) an instruction that occupies too many bytes. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8480.

MLIST:[kvm] 20141013 [PATCH 0/2] KVM: x86: Fixing clflush/hint_nop/prefetch
URL:http://thread.gmane.org/gmane.comp.emulators.kvm.devel/128427
MLIST:[oss-security] 20141023 CVE Request: Linux 3.17 guest-triggerable KVM OOPS
URL:http://www.openwall.com/lists/oss-security/2014/10/23/7
CONFIRM:http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=a430c9166312e1aa3d80bce32374233bdbfeba32
CONFIRM:https://bugzilla.redhat.com/show_bug.cgi?id=1156615
CONFIRM:https://github.com/torvalds/linux/commit/a430c9166312e1aa3d80bce32374233bdbfeba32
2.6.32 code looks different, might not be affected.
3.0.x code also looks different, might not be affected.

sle12 3.12 has:

done:
	if (ctxt->memopp && ctxt->memopp->type == OP_MEM && ctxt->rip_relative)
		ctxt->memopp->addr.mem.ea += ctxt->_eip;

which might already handle the NULL ptr access, as I guess memopp was NULL. (we might be safe already, please cross check)
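As an added illustration (constructed for this page, not kernel code and not from any commenter), a small C model of the two decode bail-out paths the CVE text names and of the memopp NULL test quoted in the comment above; struct layout, status codes and the toy instruction format are simplified stand-ins for the real emulate.c:

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model of the decoder's memopp handling; not kernel code.
 * Names loosely mirror arch/x86/kvm/emulate.c but are stand-ins. */
#define X86EMUL_CONTINUE     0
#define X86EMUL_UNHANDLEABLE 1
#define MAX_INSN_LEN         15   /* architectural x86 limit */

enum op_type { OP_NONE, OP_MEM };

struct operand {
    enum op_type type;
    int64_t ea;                    /* effective address of the operand */
};

struct emul_ctxt {
    uint64_t eip;                  /* address of the next instruction */
    int rip_relative;
    struct operand mem;            /* backing store for a memory operand */
    struct operand *memopp;        /* NULL until a memory operand is decoded */
};

/* The "done:" block from the comment above: the NULL test on memopp is what
 * keeps an early bail-out (memopp never assigned) from dereferencing NULL. */
static int finish_decode(struct emul_ctxt *ctxt, int rc)
{
    if (ctxt->memopp && ctxt->memopp->type == OP_MEM && ctxt->rip_relative)
        ctxt->memopp->ea += (int64_t)ctxt->eip;
    return rc;
}

/* Toy decode: one opcode byte, one ModRM byte, a little-endian disp32.
 * A failed fetch (bytes == NULL) or an over-long instruction bails out
 * before any operand exists, the two paths the CVE description names. */
static int decode_insn(struct emul_ctxt *ctxt, const uint8_t *b, size_t len)
{
    ctxt->memopp = NULL;
    ctxt->rip_relative = 0;
    if (b == NULL || len > MAX_INSN_LEN || len != 6)
        return finish_decode(ctxt, X86EMUL_UNHANDLEABLE);
    ctxt->eip += len;                              /* eip now past the insn */
    ctxt->mem.type = OP_MEM;
    ctxt->mem.ea = (int32_t)((uint32_t)b[2] | (uint32_t)b[3] << 8 |
                             (uint32_t)b[4] << 16 | (uint32_t)b[5] << 24);
    ctxt->memopp = &ctxt->mem;
    ctxt->rip_relative = 1;
    return finish_decode(ctxt, X86EMUL_CONTINUE);
}
```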
fixed with bug 902673 already
bugbot adjusting priority
(In reply to Marcus Meissner from comment #2)
> fixed with bug 902673 already

Confirmed that this is the case, as this additional CVE was available to also address when the fix for bsc#90267 was made.