PT-2014-8551 · Linux+1 · Linux Kernel+1

Andy Lutomirski

Published

2014-11-10

Updated

2015-11-20

CVE-2014-8481

CVSS v2.0

4.9

Medium

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.18-rc2

Description The issue is related to the instruction decoder in the KVM subsystem, which does not properly handle invalid instructions. This allows guest OS users to cause a denial of service, resulting in a NULL pointer dereference and host OS crash, by running a crafted application. The application can trigger this issue by either causing an improperly fetched instruction or by using an instruction that occupies too many bytes.

Recommendations For Linux kernel versions prior to 3.18-rc2, update to version 3.18-rc2 or later to resolve the issue.

Exploit

Fix

DoS

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-399

Related Identifiers

ALT-PU-2014-2452

ALT-PU-2015-1794

CVE-2014-8481

Affected Products

Alt Linux

Linux Kernel

PT-2014-8551 · Linux+1 · Linux Kernel+1

CVE-2014-8481

Weakness Enumeration

Related Identifiers

Affected Products

References · 361