When KVM initializes a vCPU without creating an APIC, vcpu->arch.apic is NULL. If the guest is then entered and KVM calls kvm_hv_process_stimers() (arch/x86/kvm/x86.c:9947), which does not check that the APIC exists in the kernel, processing the synthetic timers eventually uses the APIC and causes a NULL pointer dereference. This flaw allows a local user to cause a denial of service.
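The following C program is an added illustration, not the kernel's code or the upstream fix: it models the path described above with a vCPU whose APIC pointer may be NULL and shows the guard that keeps timer processing from dereferencing it. All names here (struct vcpu, struct lapic, struct stimer, stimer_deliver(), process_stimers(), HV_STIMER_ENABLE) are assumptions made for the example and do not match KVM's real definitions.

```c
/* Added example modelling the NULL-APIC failure mode described in the bug.
 * Every type and function here is a simplified stand-in, not KVM's own. */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define HV_STIMERS 4                 /* assumed number of synthetic timers */
#define HV_STIMER_ENABLE (1ULL << 0) /* assumed enable bit in the timer config */

struct lapic {
    int delivered;        /* number of timer interrupts injected into this APIC */
};

struct stimer {
    uint64_t config;      /* timer configuration; bit 0 models "enabled" */
    int pending;          /* non-zero once the timer has expired */
};

struct vcpu {
    struct {
        struct lapic *apic;   /* NULL when the vCPU was set up without an APIC */
    } arch;
    struct stimer stimers[HV_STIMERS];
};

/* Delivering an expired timer has to touch the APIC: this is the
 * dereference that faults when vcpu->arch.apic is NULL. */
static void stimer_deliver(struct vcpu *v, struct stimer *s)
{
    v->arch.apic->delivered++;
    s->pending = 0;
}

/* Hardened model of the timer-processing entry point.
 * Returns the number of timers delivered, or -1 when the vCPU has no APIC,
 * so the loop below never reaches the dereference in stimer_deliver(). */
int process_stimers(struct vcpu *v)
{
    int delivered = 0;

    if (v->arch.apic == NULL)     /* the missing check the bug describes */
        return -1;

    for (int i = 0; i < HV_STIMERS; i++) {
        struct stimer *s = &v->stimers[i];
        if (!(s->config & HV_STIMER_ENABLE) || !s->pending)
            continue;
        stimer_deliver(v, s);
        delivered++;
    }
    return delivered;
}

int main(void)
{
    struct lapic apic = { 0 };
    struct vcpu v = { 0 };   /* constructed sample vCPU: no APIC yet */

    v.stimers[0].config = HV_STIMER_ENABLE;
    v.stimers[0].pending = 1;

    /* Without the guard this call would dereference NULL; with it we get -1. */
    printf("no apic: %d\n", process_stimers(&v));

    v.arch.apic = &apic;
    printf("with apic: %d delivered (apic count %d)\n",
           process_stimers(&v), apic.delivered);
    return 0;
}
```

The first call returns -1 instead of faulting; once an APIC is attached the one enabled, pending timer is delivered and the same call returns 1.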
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2099734]
This was fixed for Fedora with the 5.16.19 stable kernel updates.
This issue was fixed upstream in version 5.18. The kernel packages as shipped in the following Red Hat products were previously updated to a version that contains the fix via the following errata:
kernel in Red Hat Enterprise Linux 8
kernel-rt in Red Hat Enterprise Linux 8
kernel in Red Hat Enterprise Linux 9
kernel-rt in Red Hat Enterprise Linux 9