A NULL pointer dereference flaw was found in the way the Linux kernel's kvm emulator processed certain rip relative instructions: * certain instructions (such as clflush) were missing proper flags in the decoder tables which to lead to uninitialized ctxt->memopp (CVE-2014-8480) * certain error cases (such as failure to fetch whole instruction) also lead to unitialized ctxt->memopp (CVE-2014-8481) A privileged (CVE-2014-8480) or unprivileged (CVE-2014-8481) guest user could use these flaws to crash the host. Introduced by: http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=41061cdb98a0bec464278b4db8e894a3121671f5 CVE-2014-8480 upstream patches: http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=13e457e0eebf0a0c82c38ceb890d93eb826d62a6 http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=3f6f1480d86bf9fc16c160d803ab1d006e3058d5 CVE-2014-8481 upstream patches: http://git.kernel.org/cgit/virt/kvm/kvm.git/commit/?id=a430c9166312e1aa3d80bce32374233bdbfeba32 Acknowledgements: Red Hat would like to thank Nadav Amit and Andy Lutomirski for reporting this issue.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1156616]
Statement: These issues do not affect Linux kernel packages as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2. These issues do not affect kvm packages as shipped with Red Hat Enterprise Linux 5.