A null pointer dereference was found in the kvm module which can lead to denial of service. This flaw is in kvm_dirty_ring_push in virt/kvm/dirty_ring.c. References: https://www.openwall.com/lists/oss-security/2022/04/07/1
Upstream commit: https://github.com/torvalds/linux/commit/5593473a1e6c743764b08e3b6071cb43b5cfa6c4
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 2096875]
This was fixed for Fedora with the 5.16.20 stable kernel updates.
This issue was fixed upstream in version 5.19. The kernel packages as shipped in the following Red Hat products were previously updated to a version that contains the fix via the following errata: kernel in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2022:7683 kernel-rt in Red Hat Enterprise Linux 8 https://access.redhat.com/errata/RHSA-2022:7444 kernel in Red Hat Enterprise Linux 9 https://access.redhat.com/errata/RHSA-2022:8267 kernel-rt in Red Hat Enterprise Linux 9 https://access.redhat.com/errata/RHSA-2022:7933