Dr. David Alan Gilbert

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a stack-out-of-bounds memory access from the `ioapic write indirect()` function in the KVM x86 module. KASAN reports a stack-out-of-bounds error in `kvm make vcpus request mask+0x174/0x440 [kvm]`. The problem appears to be that the `vcpu bitmap` is allocated as a single long on the stack and should be `KVM MAX VCPUS` long. Additionally, the lower 16 bits of `vcpu bitmap` are cleared with `bitmap zero()` for no particular reason, which may be due to confusion between `bitmap` and `vcpu bitmap` variables in `kvm bitmap or dest vcpus()`. The `kvm make vcpus request mask()` function is involved, and the issue is related to the `ioapic write indirect()` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** A flaw was found in the virtio-fs shared file system daemon (virtiofsd) of QEMU. The new 'xattrmap' option may cause the 'security.capability' xattr in the guest to not drop on file write, potentially leading to a modified, privileged executable in the guest. In rare circumstances, this flaw could be used by a malicious user to elevate their privileges within the guest. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.