A NULL pointer dereference security flaw was found in the Linux kernel in the vcpu_scan_ioapic() function in arch/x86/kvm/x86.c. This allows local users with certain privileges to cause a denial of service via a crafted system call to the KVM subsystem. References: https://marc.info/?l=linux-kernel&m=154270287006124&w=2 https://lkml.org/lkml/2018/11/20/580 Introduced by: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=3d81bc7e96d6bca0b8f8b7d1bf6ea72caa3aac57 An upstream patch: https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=e97f852fd4561e77721bb9a4e0ea9d98305b1e93
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1652658]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-19407