It was found that parsing complicated kernel version numbers leads to array index out-of-bounds exception in VersionMapper.fromKernelVersionString method. A malicious user with access to VM could configure it so that it reports a version number that causes API to crash. When the VM with crafted kernel version number is reported among with other VMs, the representation retrieving operation will fail also for all other VMs.
Product bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1311616