An out-of-bounds access issue was found in the way Linux kernelβs KVM hypervisor implements the Coalesced MMIO write operation. It operates on an MMIO ring buffer βstruct kvm_coalesced_mmioβ object, wherein write indices βring->firstβ and βring->lastβ value could be supplied by a host user-space process. An unprivileged host user or process with access to β/dev/kvmβ device could use this flaw to crash the host kernel, resulting in a denial of service or potentially escalating privileges on the system.
Restrict access to the '/dev/kvm' device to trusted users.