A use-after-free issue was found in the way the Linux kernel's KVM hypervisor
processed posted interrupts when nested virtualization is enabled (nested=1).
In nested_get_vmcs12_pages(), on an error while processing the posted-interrupt
address, the code unmaps 'pi_desc_page' without resetting the 'pi_desc'
descriptor address, which is later used in pi_test_and_clear_on().
A guest user/process could use this flaw to crash the host kernel, resulting
in a DoS, or potentially gain privileged access to the system.
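The pattern described above, as an added illustration that is not code from the kernel or from this advisory: a simplified model in which a "page" is mapped, a descriptor pointer is taken into it, and an error path unmaps the page. The buggy variant leaves the descriptor pointer dangling, the hardened variant clears it together with the mapping, and a later consumer (standing in for the role of pi_test_and_clear_on()) shows the difference. All struct layouts, function names and the `mapped` flag are constructed for this model; real kernel memory gives no such flag, which is why the fix must clear the pointer at the unmap site.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Bit 0 of the descriptor control word plays the "outstanding
 * notification" (ON) role in this model. */
#define PI_ON_BIT 0x1u

/* Constructed stand-ins for a mapped guest page and the posted-interrupt
 * descriptor stored in it; not KVM's real layouts. */
struct pi_desc {
    uint32_t control;
};

struct guest_page {
    struct pi_desc desc;   /* descriptor at the start of the page */
    bool mapped;           /* model of "is this mapping still valid" */
};

struct vcpu_model {
    struct guest_page *pi_desc_page;  /* current mapping, or NULL */
    struct pi_desc *pi_desc;          /* pointer into that mapping, or NULL */
};

static struct guest_page backing_page;   /* the only page in this model */

static struct guest_page *map_page(void)
{
    backing_page.mapped = true;
    return &backing_page;
}

static void unmap_page(struct guest_page *p)
{
    p->mapped = false;
}

/* The pattern the advisory describes: the error path drops the mapping
 * but leaves pi_desc pointing into memory that is no longer mapped. */
int get_pages_buggy(struct vcpu_model *v, bool error_after_map)
{
    v->pi_desc_page = map_page();
    v->pi_desc = &v->pi_desc_page->desc;
    v->pi_desc->control = PI_ON_BIT;

    if (error_after_map) {
        unmap_page(v->pi_desc_page);
        v->pi_desc_page = NULL;
        return -1;                /* pi_desc is now dangling */
    }
    return 0;
}

/* Hardened form: the descriptor pointer is reset together with the mapping. */
int get_pages_fixed(struct vcpu_model *v, bool error_after_map)
{
    v->pi_desc_page = map_page();
    v->pi_desc = &v->pi_desc_page->desc;
    v->pi_desc->control = PI_ON_BIT;

    if (error_after_map) {
        unmap_page(v->pi_desc_page);
        v->pi_desc_page = NULL;
        v->pi_desc = NULL;        /* no stale pointer survives the error */
        return -1;
    }
    return 0;
}

/* Later consumer: 1 if ON was set (and is cleared), 0 if clear, -1 if no
 * descriptor is attached, -2 if the pointer refers to an unmapped page.
 * The -2 case is the use-after-free; only this model can detect it. */
int test_and_clear_on(struct vcpu_model *v)
{
    if (!v->pi_desc)
        return -1;

    /* Recover the owning page from the descriptor address (offset is 0 here). */
    struct guest_page *p = (struct guest_page *)
        ((char *)v->pi_desc - offsetof(struct guest_page, desc));
    if (!p->mapped)
        return -2;

    if (v->pi_desc->control & PI_ON_BIT) {
        v->pi_desc->control &= ~PI_ON_BIT;
        return 1;
    }
    return 0;
}

/* Scenario runners so each outcome is available as a plain return value. */
int buggy_error_path_outcome(void)
{
    struct vcpu_model v = {0};
    get_pages_buggy(&v, true);
    return test_and_clear_on(&v);     /* -2: stale pointer dereferenced */
}

int fixed_error_path_outcome(void)
{
    struct vcpu_model v = {0};
    get_pages_fixed(&v, true);
    return test_and_clear_on(&v);     /* -1: cleanly skipped */
}

int fixed_success_path_outcome(void)
{
    struct vcpu_model v = {0};
    get_pages_fixed(&v, false);
    return test_and_clear_on(&v);     /* 1: ON bit seen and cleared */
}

int main(void)
{
    printf("buggy error path : %d\n", buggy_error_path_outcome());
    printf("fixed error path : %d\n", fixed_error_path_outcome());
    printf("fixed success    : %d\n", fixed_success_path_outcome());
    return 0;
}
```

The point of the model is the ordering on the error path: any pointer derived from a mapping must be invalidated in the same place the mapping is torn down, so that every later consumer sees NULL rather than an address into reused memory.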
Name: Cfir Cohen (google.com)
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 1660606]