Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Fri, 24 Oct 2014 03:48:32 -0400 (EDT)
From: cve-assign@...re.org
To: luto@...capital.net
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com, pbonzini@...hat.com, nadav.amit@...il.com
Subject: Re: CVE Request: Linux 3.17 guest-triggerable KVM OOPS

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

> Nadav Amit discovered an error in the instruction decoder that
> would cause certain RIP-relative instructions to OOPS the decoder.
> Specifically, rather than adding RIP to the operand address, RIP would
> be added to *0 from the host's perspective.

Use CVE-2014-8480.


> I also discovered that Nadav's fix was incomplete (or that there was
> another bug, depending on your perspective).  Certain invalid
> instructions (due to multiple error cases, including a failure to
> fetch part of the instruction or due to the instruction being too
> long) could trigger the same NULL pointer dereference.

Use CVE-2014-8481.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (SunOS)

iQEcBAEBAgAGBQJUSgPZAAoJEKllVAevmvmspakH/06k2WAHqG90ZGTkg90CP/+Z
qO+Wlc1VorlncDDDCGphA4PyRcA66y/o3gcTfWm0EntrLwxP7U3acpk2AJWm+QE5
Ak06BW/bdLT/C6acvtIpsG2E6HdcWXZtI5AsNzT+FMmajyfHlzIoRrh+fdV2Ix+w
iF2FLlhYl65pW9j1I+Zq7hP8HusrRxVvBsPzMEu+ETKkywXvnQ8LG5tUuHGA2RDV
R5CVXX0LilC0B6OY3DkAJoXAWWHi+afO53XWjCeWAIvlO0GlZtZFQnHY8LUhttf0
8tQahl5zkREK4czACJNieUuMZF6oH358m1HgJamWKc2ZXYn1DzqztYEUfMtdnWY=
=ciPH
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ