Greg Kurz

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 4.13.11 **Description** The issue allows local users to cause a denial of service, resulting in a system crash due to a NULL pointer dereference. This can be achieved by making a KVM CHECK EXTENSION KVM CAP PPC HTM ioctl call to the `/dev/kvm` API endpoint. **Recommendations** For Linux kernel versions prior to 4.13.11, update to version 4.13.11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** The issue is related to multiple integer overflows in the `v9fs xattr read` and `v9fs xattr write` functions. This can be exploited by local guest OS administrators to cause a denial of service, specifically a QEMU process crash, by providing a crafted offset that triggers an out-of-bounds access. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.