Unrated severityNVD Advisory· Published Nov 10, 2014· Updated Jun 17, 2026

CVE-2014-8481

Description

The instruction decoder in arch/x86/kvm/emulate.c in the KVM subsystem in the Linux kernel before 3.18-rc2 does not properly handle invalid instructions, which allows guest OS users to cause a denial of service (NULL pointer dereference and host OS crash) via a crafted application that triggers (1) an improperly fetched instruction or (2) an instruction that occupies too many bytes. NOTE: this vulnerability exists because of an incomplete fix for CVE-2014-8480.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

Linux/Kernel
cpe:2.3:o:linux:linux_kernel:*:rc1:*:*:*:*:*:*
Range: <=3.18
Linux/Linux kernelllm-fuzzy
Range: <3.18-rc2

Patches

Vulnerability mechanics

References

www.openwall.com/lists/oss-security/2014/10/23/7nvdExploit
github.com/torvalds/linux/commit/a430c9166312e1aa3d80bce32374233bdbfeba32nvdExploit
git.kernel.orgnvd
secunia.com/advisories/62042nvd
thread.gmane.org/gmane.comp.emulators.kvm.devel/128427nvd
bugzilla.redhat.com/show_bug.cginvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000