The x86_decode_insn function in arch/x86/kvm/emulate.c in the Linux kernel before 4.8.7, when KVM is enabled, allows local users to cause a denial of service (host OS crash) via a certain use of a ModR/M byte in an undefined instruction.
http://www.kernel.org/pub/linux/kernel/v4.x/ChangeLog-4.8.7
https://github.com/torvalds/linux/commit/d9092f52d7e61dd1557f2db2400ddb430e85937e
http://www.openwall.com/lists/oss-security/2016/11/22/3
https://bugzilla.redhat.com/show_bug.cgi?id=1393350
http://www.securityfocus.com/bid/94459
Source: MITRE
Published: 2016-11-28
Updated: 2023-02-12
Type: CWE-284
Base Score: 4.9
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:C
Impact Score: 6.9
Exploitability Score: 3.9
Severity: MEDIUM
Base Score: 5.5
Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 1.8
Severity: MEDIUM