A NULL pointer dereference flaw was found in the way the Linux kernel's KVM emulator processed certain RIP-relative instructions:
* certain instructions (such as clflush) were missing proper flags in the
decoder tables, which led to an uninitialized ctxt->memopp (CVE-2014-8480)
* certain error cases (such as failure to fetch the whole instruction) also led
to an uninitialized ctxt->memopp (CVE-2014-8481)
A privileged (CVE-2014-8480) or unprivileged (CVE-2014-8481) guest user could use these flaws to crash the host.
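As an added illustration, not code from the kernel or from this report: a constructed C model of the decoder mechanism behind both CVEs. It follows the description above (ModRM decoding sets rip_relative, only operand decoding assigns memopp, and the RIP-relative fixup runs on every exit path of the decoder); the flag names, the Imm8 flag, the sample instruction bytes and the `hardened` switch are assumptions made for the model.

```c
#include <stdint.h>
#include <string.h>
#define ModRM  0x1   /* table flag: instruction carries a ModRM byte */
#define SrcMem 0x2   /* table flag: a memory source operand is decoded */
#define Imm8   0x4   /* table flag (assumed): an 8-bit immediate follows */
struct operand { int64_t ea; };
struct ctxt {
    const uint8_t *insn; size_t len; int64_t eip;
    int rip_relative;
    struct operand memop, src;
    struct operand *memopp;   /* operand that needs the RIP-relative fixup */
};
/* Decode ModRM (+disp32); only mod=00 rm=101, i.e. [RIP+disp32], is modelled. */
static int decode_modrm(struct ctxt *c, size_t *pos)
{
    int32_t disp;
    if (*pos >= c->len) return -1;
    if ((c->insn[(*pos)++] & 0xc7) != 0x05) return 0;
    if (*pos + 4 > c->len) return -1;           /* truncated fetch */
    memcpy(&disp, &c->insn[*pos], 4); *pos += 4;
    c->memop.ea = disp; c->rip_relative = 1;    /* memopp is NOT set here */
    return 0;
}
/* Decode one instruction whose table entry is `flags`: returns the fixed-up
 * effective address or -1 on failure; *crashed marks where the original code
 * dereferenced a NULL memopp, and `hardened` adds the missing NULL check. */
static int64_t decode(struct ctxt *c, int flags, int hardened, int *crashed)
{
    size_t pos = 0; int rc = 0;
    c->rip_relative = 0; c->memopp = NULL; *crashed = 0;
    if (flags & ModRM) rc = decode_modrm(c, &pos);
    if (rc == 0 && (flags & Imm8)) { if (pos < c->len) pos++; else rc = -1; }
    /* Operand decode is the only place memopp is assigned; a table entry without
     * SrcMem (the clflush case) or an earlier fetch failure skips it. */
    if (rc == 0 && (flags & SrcMem)) { c->src = c->memop; c->memopp = &c->src; }
    /* The fixup at the decoder's `done` label ran on every path, failures too. */
    if (c->rip_relative && !(hardened && !c->memopp)) {
        if (!c->memopp) { *crashed = 1; return -1; }   /* NULL pointer dereference */
        c->memopp->ea += c->eip;
    }
    return rc ? -1 : (c->memopp ? c->memopp->ea : 0);
}
/* Constructed sample: ModRM selecting [RIP+disp32], disp32 = 0x10, no imm8 byte.
 * Returns the effective address, -1 for a clean decode failure, -2 for a crash. */
static const uint8_t rip_insn[] = { 0x05, 0x10, 0x00, 0x00, 0x00 };
static int64_t run_case(int flags, int hardened)
{
    struct ctxt c = { rip_insn, sizeof rip_insn, 0x1000 }; int crashed;
    int64_t ea = decode(&c, flags, hardened, &crashed);
    return crashed ? -2 : ea;
}
```

A table entry with ModRM but without SrcMem reproduces the CVE-2014-8480 pattern, and a ModRM|SrcMem|Imm8 entry whose immediate byte is missing reproduces the CVE-2014-8481 pattern; in both, the unhardened fixup dereferences NULL while the hardened one fails cleanly.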
CVE-2014-8480 upstream patches:
CVE-2014-8481 upstream patches:
Red Hat would like to thank Nadav Amit and Andy Lutomirski for reporting this issue.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1156616]
These issues do not affect Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.
These issues do not affect kvm packages as shipped with Red Hat Enterprise Linux 5.