Bug 1156615 - (CVE-2014-8480, CVE-2014-8481) CVE-2014-8480 CVE-2014-8481 kernel: kvm: NULL pointer dereference during rip relative instruction emulation
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
Version: unspecified
Hardware: All
OS: Linux
Priority: high
Severity: high
Target Milestone: ---
Target Release: ---
Assigned To: Red Hat Product Security
Whiteboard: impact=important,public=20141013,repo...
Keywords: Security
Depends On: 1156616
Blocks: 1156617
Reported: 2014-10-24 15:30 EDT by Petr Matousek
Modified: 2015-02-16 10:40 EST (History)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2014-10-24 15:33:03 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Description Petr Matousek 2014-10-24 15:30:16 EDT
A NULL pointer dereference flaw was found in the way the Linux kernel's kvm emulator processed certain rip relative instructions:

  * certain instructions (such as clflush) were missing proper flags in the
    decoder tables, which led to an uninitialized ctxt->memopp (CVE-2014-8480)

  * certain error cases (such as failure to fetch the whole instruction) also led
    to an uninitialized ctxt->memopp (CVE-2014-8481)

A privileged (CVE-2014-8480) or unprivileged (CVE-2014-8481) guest user could use these flaws to crash the host.

Introduced by:
http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=41061cdb98a0bec464278b4db8e894a3121671f5

CVE-2014-8480 upstream patches:
http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=13e457e0eebf0a0c82c38ceb890d93eb826d62a6
http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3f6f1480d86bf9fc16c160d803ab1d006e3058d5

CVE-2014-8481 upstream patches:
http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=a430c9166312e1aa3d80bce32374233bdbfeba32

Acknowledgements:

Red Hat would like to thank Nadav Amit and Andy Lutomirski for reporting this issue.
Comment 1 Petr Matousek 2014-10-24 15:31:05 EDT
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1156616]
Comment 2 Petr Matousek 2014-10-24 15:33:03 EDT
Statement:

These issues do not affect Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.

These issues do not affect kvm packages as shipped with Red Hat Enterprise Linux 5.
