Name of the Vulnerable Software and Affected Versions kvm-ioctls versions 0.1.0 through 0.19.0

Description An issue in the VmFd::create device function leads to undefined behavior and miscompilations due to a violation of Rust's pointer safety rules. The function incorrectly downcasts a mutable reference to an immutable pointer and passes it to a mutating system call. This results in the code not seeing the value written by the kernel into the fd member of the struct kvm create device argument, instead observing the initial value of this field, usually 0.

Recommendations For versions 0.1.0 through 0.19.0, update to version 0.19.1 to correctly use a mutable pointer and resolve the issue.