Bug 1156615 (CVE-2014-8480, CVE-2014-8481) - CVE-2014-8480 CVE-2014-8481 kernel: kvm: NULL pointer dereference during rip relative instruction emulation
Summary: CVE-2014-8480 CVE-2014-8481 kernel: kvm: NULL pointer dereference during rip ...
Alias: CVE-2014-8480, CVE-2014-8481
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Whiteboard: impact=important,public=20141013,repo...
Depends On: 1156616
Blocks: 1156617
Reported: 2014-10-24 19:30 UTC by Petr Matousek
Modified: 2019-06-08 20:14 UTC (History)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-10-24 19:33:03 UTC


Description Petr Matousek 2014-10-24 19:30:16 UTC
A NULL pointer dereference flaw was found in the way the Linux kernel's kvm emulator processed certain rip relative instructions:

  * certain instructions (such as clflush) were missing proper flags in the
    decoder tables which lead to uninitialized ctxt->memopp (CVE-2014-8480)

  * certain error cases (such as failure to fetch whole instruction) also lead
    to uninitialized ctxt->memopp (CVE-2014-8481)

A privileged (CVE-2014-8480) or unprivileged (CVE-2014-8481) guest user could use these flaws to crash the host. 

Introduced by:

CVE-2014-8480 upstream patches:

CVE-2014-8481 upstream patches:


Red Hat would like to thank Nadav Amit and Andy Lutomirski for reporting this issue.
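
A simplified C model of the pattern in the description above, added here as an illustration and not taken from the kernel source or from this bug report. Only `memopp` and the rip-relative fixup come from the description; the structure, flag, table and function names are hypothetical, and the guard shown is one defensive form, not necessarily the upstream fix.

```c
#include <stddef.h>

/* Simplified model, not kernel code. Only memopp and the rip-relative
 * fixup come from the bug text; all other names are hypothetical. */
enum { OP_HAS_MEM = 1 };            /* decoder-table flag: has a memory operand */
struct operand { unsigned long ea; };

struct emu_ctxt {
    struct operand mem;             /* storage for the decoded memory operand */
    struct operand *memopp;         /* set only when a memory operand is decoded */
    int rip_relative;               /* set while parsing the addressing bytes */
    unsigned long next_rip;
};

/* Constructed table: entry 0 has the flag, entry 1 models an entry missing it. */
static const unsigned decode_flags[] = { OP_HAS_MEM, 0 };

/* Returns 0 on success, -1 when the instruction cannot be fetched whole. */
static int decode(struct emu_ctxt *c, int op, int fetch_ok,
                  int rip_rel, unsigned long disp)
{
    c->memopp = NULL;               /* known state on every path */
    c->rip_relative = rip_rel;
    if (!fetch_ok)
        return -1;                  /* error path: memopp never assigned */
    if (decode_flags[op] & OP_HAS_MEM) {
        c->mem.ea = disp;
        c->memopp = &c->mem;
    }
    return 0;
}

/* Guarded fixup: returns 1 if the displacement was rebased, 0 if skipped.
 * Without the memopp test, both flawed paths would dereference NULL. */
static int rip_fixup(struct emu_ctxt *c)
{
    if (c->rip_relative && c->memopp) {
        c->memopp->ea += c->next_rip;
        return 1;
    }
    return 0;
}

int main(void)
{
    struct emu_ctxt c = { .next_rip = 0x1000 };
    decode(&c, 1, 1, 1, 0x20);      /* rip-relative, flag missing */
    return rip_fixup(&c);           /* 0: fixup skipped */
}
```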

Comment 1 Petr Matousek 2014-10-24 19:31:05 UTC
Created kernel tracking bugs for this issue:

Affects: fedora-all [bug 1156616]

Comment 2 Petr Matousek 2014-10-24 19:33:03 UTC

These issues do not affect Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.

These issues do not affect kvm packages as shipped with Red Hat Enterprise Linux 5.
