Linux kernel built for the x86 architecture, with the KVM virtualisation support(CONFIG_KVM) is vulnerable to a NULL pointer dereference flaw. It could occur while doing KVM's Virtual CPU ioctl(2) call, in Linux kernel's kvm_apic_has_events() function. An unprivileged user able to access "/dev/kvm" device, could use this flaw to crash the system kernel resulting in DoS. Upstream fix: ------------- -> https://lkml.org/lkml/2015/6/4/163 Reference: ---------- -> http://seclists.org/oss-sec/2015/q2/680
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1230774]
Statement: This issue does not affect the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5, 6 and Red Hat Enterprise MRG 2. This issue affects the version of the kernel package as shipped with Red Hat Enterprise Linux 7.
This has been rated as having Moderate security impact and is not currently planned to be addressed in future updates. For additional information, refer to the Red Hat Enterprise Linux Life Cycle: -> https://access.redhat.com/support/policy/updates/errata/
kernel-4.0.6-300.fc22 has been pushed to the Fedora 22 stable repository. If problems still persist, please make note of it in this bug report.
kernel-4.0.6-200.fc21 has been pushed to the Fedora 21 stable repository. If problems still persist, please make note of it in this bug report.
Please update description, seems it was fixed in RHEL7.2 https://access.redhat.com/labs/psb/versions/kernel-3.10.0-327.el7/patches/kvm-x86-fix-kvm_apic_has_events-to-check-for-NULL-pointer