Linux · Linux Kernel · CVE-2018-19407
**Name of the Vulnerable Software and Affected Versions**
Linux kernel versions prior to 4.19.2
**Description**
The `vcpu_scan_ioapic` function in the Linux kernel can cause a denial of service through a NULL pointer dereference and BUG when crafted system calls reach a situation where `ioapic` is uninitialized. Local users can exploit this pointer dereference error to disrupt service by making system calls to the Kernel-based Virtual Machine (KVM) virtualization subsystem.
**Recommendations**
For Linux kernel versions prior to 4.19.2, update to version 4.19.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the KVM virtualization subsystem to minimize the risk of exploitation.
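
A host check for the two recommendations above, as an added example that is not part of the advisory: it compares the running kernel release with 4.19.2 and reports whether `/dev/kvm` is open to every local user. The names `FIXED_VERSION`, `base_version`, `version_lt`, `world_accessible` and `audit_host` are hypothetical, and GNU `stat` is assumed.

```shell
#!/bin/sh
# Added example, not from the advisory: flag hosts matching its two conditions.
FIXED_VERSION="4.19.2"   # fixed release named in the advisory

# "4.15.0-20-generic" -> "4.15.0" (drop the distribution suffix)
base_version() {
    printf '%s\n' "$1" | sed 's/[^0-9.].*$//'
}

# Exit status 0 when version $1 is strictly older than version $2.
version_lt() {
    a=$(base_version "$1"); b=$(base_version "$2")
    old_ifs=$IFS; IFS=.
    set -- $a; a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $b; b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    IFS=$old_ifs
    [ "$a1" -ne "$b1" ] && { [ "$a1" -lt "$b1" ]; return; }
    [ "$a2" -ne "$b2" ] && { [ "$a2" -lt "$b2" ]; return; }
    [ "$a3" -lt "$b3" ]
}

# Exit status 0 when an octal mode such as 666 grants read or write to "other".
world_accessible() {
    other=${1#"${1%?}"}          # last octal digit of the mode
    [ $(( other & 6 )) -ne 0 ]
}

# Prints findings for the running host.
audit_host() {
    release=$(uname -r)
    if version_lt "$release" "$FIXED_VERSION"; then
        # Heuristic only: distribution kernels may carry a backported fix.
        echo "kernel $release is older than $FIXED_VERSION: check the vendor advisory"
    else
        echo "kernel $release is at or above $FIXED_VERSION"
    fi
    if [ -e /dev/kvm ]; then
        mode=$(stat -c '%a' /dev/kvm)
        if world_accessible "$mode"; then
            echo "/dev/kvm mode $mode: every local user can reach the KVM interface"
        else
            echo "/dev/kvm mode $mode: access limited to owner and group"
        fi
    else
        echo "/dev/kvm not present: KVM is not exposed on this host"
    fi
}
audit_host
```

Mode bits do not show POSIX ACLs on the device node, so `getfacl /dev/kvm` is worth checking on desktops where login sessions are granted device access.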