The load_segment_descriptor implementation in arch/x86/kvm/emulate.c in the Linux kernel before 4.9.5 improperly emulates a MOV SS, NULL selector instruction, which allows guest OS users to cause a denial of service (guest OS crash) or gain guest OS privileges via a crafted application.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Linux_kernel | Linux | * | 4.9.4 (including) |