When KVM initialize a vCPU without create apic, the value of vcpu->arch.apic is NULL, then if we enter guest and let KVM call kvm_hv_process_stimers() in arch/x86/kvm/x86.c:9947, which doesn't check apic in the kernel. Process stimer will use apic finally so it will cause a null pointer dereference. This flaw allows a malicious user in a Local DOS condition.
Created kernel tracking bugs for this issue:
Affects: fedora-all [bug 2099734]
This was fixed for Fedora with the 5.16.19 stable kernel updates.