Lucene search

[email protected]CVE-2014-8481

HistoryNov 10, 2014 - 11:55 a.m.

CVE-2014-8481

2014-11-1011:55:00

CWE-399

[email protected]

web.nvd.nist.gov

cve-2014-8481

linux kernel

kvm subsystem

denial of service

null pointer dereference

6.9 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

45.9%

JSON

The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application that triggers (1) an improperly fetched instruction or (2) an instruction that occupies too many bytes. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8480.

CPENameOperatorVersion
linux:linux_kernellinux linux kernelle3.18

CPE	Name	Operator	Version
linux:linux_kernel	linux linux kernel	le	3.18

References

git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=a430c9166312e1aa3d80bce32374233bdbfeba32

secunia.com/advisories/62042

thread.gmane.org/gmane.comp.emulators.kvm.devel/128427

www.openwall.com/lists/oss-security/2014/10/23/7

bugzilla.redhat.com/show_bug.cgi?id=1156615

github.com/torvalds/linux/commit/a430c9166312e1aa3d80bce32374233bdbfeba32

6.9 Medium

AI Score

Confidence

High

4.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:N/I:N/A:C

0.001 Low

EPSS

Percentile

45.9%

JSON

Related for CVE-2014-8481

prion2 debiancve2 ubuntucve2 cve1 nessus5 archlinux1 fedora1 openvas3