Reiji Watanabe

**Name of the Vulnerable Software and Affected Versions** Linux kernel versions prior to 5.12 **Description** A flaw was found in the Linux kernel related to the KVM API, where the value of `internal.ndata` is mapped to an array index. This index can be updated by a user process at any time, potentially leading to an out-of-bounds write. The highest threat from this issue is to data integrity and system availability. It is also associated with a buffer overflow in memory, which could allow an attacker to cause stack damage. **Recommendations** For Linux kernel versions prior to 5.12, update to version 5.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the KVM API to minimize the risk of exploitation. Avoid using the `internal.ndata` variable in sensitive operations until the issue is resolved.