Gleb Napatov

**Name of the Vulnerable Software and Affected Versions** Red Hat Enterprise Virtualization (RHEV) version 2.2 KVM version 83 **Description** The issue allows guest OS users to cause a denial of service, resulting in a host OS crash due to a NULL pointer dereference. This occurs when the Intel VT-x extension is enabled and is related to instruction emulation. **Recommendations** For Red Hat Enterprise Virtualization (RHEV) version 2.2, consider disabling the Intel VT-x extension as a temporary workaround to minimize the risk of exploitation. For KVM version 83, restrict the use of instruction emulation to prevent the denial of service. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** KVM version 83 **Description** The issue is related to the x86 emulator in KVM when a guest is configured for Symmetric Multiprocessing (SMP). It does not properly restrict instruction execution based on the Current Privilege Level (CPL) and I/O Privilege Level (IOPL). This allows guest OS users to potentially cause a denial of service (guest OS crash) or gain privileges on the guest OS. The exploitation can occur by accessing an IO port or MMIO region and replacing an instruction between emulator entry and instruction fetch. **Recommendations** For KVM version 83, consider restricting access to IO ports and MMIO regions to minimize the risk of exploitation. As a temporary workaround, limiting the privileges of guest OS users may help reduce the impact of this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.