** Description changed: - Incomplete fix for CVE-2014-8480 + The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in + the Linux kernel before 3.18-rc2 does not properly handle invalid + instructions, which allows guest OS users to cause a denial of service + (NULL pointer dereference and host OS crash) via a crafted application that + triggers (1) an improperly fetched instruction or (2) an instruction that + occupies too many bytes. NOTE: this vulnerability exists because of an + incomplete fix for CVE-2014-8480. Break-Fix: 41061cdb98a0bec464278b4db8e894a3121671f5 a430c9166312e1aa3d80bce32374233bdbfeba32
** Changed in: linux-lts-raring (Ubuntu Precise) Status: New => Invalid ** Changed in: linux-lts-saucy (Ubuntu Precise) Status: New => Invalid ** Changed in: linux-lts-quantal (Ubuntu Precise) Status: New => Invalid ** Changed in: linux (Ubuntu Vivid) Status: New => Invalid -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1386401 Title: CVE-2014-8481 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1386401/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs