Bug 1156615 (CVE-2014-8480, CVE-2014-8481)
| Summary: | CVE-2014-8480 CVE-2014-8481 kernel: kvm: NULL pointer dereference during rip relative instruction emulation | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Petr Matousek <pmatouse> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | agordeev, aquini, areis, bhu, davej, dhoward, ehabkost, esammons, fhrbata, gansalmon, iboverma, itamar, jforbes, jkacur, jonathan, jross, jrusnack, jwboyer, kernel-maint, kernel-mgr, knoel, lgoncalv, lwang, madhu.chinakonda, matt, mchehab, mcressma, mguzik, mkenneth, mrezanin, mtosatti, nmurray, pholasek, plougher, rhod, rt-maint, rvrbovsk, stefanha, virt-maint, williams |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2014-10-24 19:33:03 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1156616 | ||
| Bug Blocks: | 1156617 | ||
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1156616] Statement: These issues do not affect Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. These issues do not affect kvm packages as shipped with Red Hat Enterprise Linux 5. |
A NULL pointer dereference flaw was found in the way the Linux kernel's kvm emulator processed certain rip relative instructions: * certain instructions (such as clflush) were missing proper flags in the decoder tables which to lead to uninitialized ctxt->memopp (CVE-2014-8480) * certain error cases (such as failure to fetch whole instruction) also lead to unitialized ctxt->memopp (CVE-2014-8481) A privileged (CVE-2014-8480) or unprivileged (CVE-2014-8481) guest user could use these flaws to crash the host. Introduced by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=41061cdb98a0bec464278b4db8e894a3121671f5 CVE-2014-8480 upstream patches: http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=13e457e0eebf0a0c82c38ceb890d93eb826d62a6 http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3f6f1480d86bf9fc16c160d803ab1d006e3058d5 CVE-2014-8481 upstream patches: http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=a430c9166312e1aa3d80bce32374233bdbfeba32 Acknowledgements: Red Hat would like to thank Nadav Amit and Andy Lutomirski for reporting this issue.