PT-2024-40971 · Unknown · Kvm-Ioctls

Published: 2024-12-05 · Updated: 2024-12-05

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions

kvm-ioctls versions 0.1.0 through 0.19.0

Description

An issue in the VmFd::create_device function causes undefined behavior due to a violation of Rust's pointer safety rules. The function downcasts a mutable reference to an immutable pointer and passes it to a mutating system call. As a result, the code does not see the value written by the kernel into the fd member of the struct kvm_create_device argument and instead observes the initial value, usually 0.

Recommendations

Update kvm-ioctls versions 0.1.0 through 0.19.0 to version 0.19.1, which correctly uses a mutable pointer and resolves the issue.
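The pointer pattern from the description, next to the corrected form, as an added example that is not code from kvm-ioctls or from this advisory. The struct, the function names, the stand-in for the system call and the fd value 42 are all hypothetical.

```rust
// Added illustration, not kvm-ioctls source. All names and values are hypothetical.

/// Stand-in for the ioctl argument: caller sets `type_`/`flags`, the callee writes `fd`.
#[repr(C)]
#[derive(Debug, Default)]
pub struct CreateDeviceArg {
    pub type_: u32,
    pub fd: u32,
    pub flags: u32,
}

/// Stand-in for the mutating system call: stores a constructed fd (42) through `arg`.
/// Safety: `arg` must be valid for writes and carry write permission.
unsafe fn fake_create_device_ioctl(arg: *mut CreateDeviceArg) -> i32 {
    unsafe { (*arg).fd = 42 };
    0
}

/// Buggy shape: the exclusive borrow is downgraded to a shared one, so the pointer
/// has no permission to write. The write inside the call is undefined behavior and
/// the compiler may assume `arg.fd` is unchanged. Kept for comparison, never called.
#[allow(dead_code)]
pub fn create_device_buggy(arg: &mut CreateDeviceArg) -> Option<u32> {
    let shared: &CreateDeviceArg = &*arg;
    let p = shared as *const CreateDeviceArg as *mut CreateDeviceArg;
    let ret = unsafe { fake_create_device_ioctl(p) };
    if ret == 0 { Some(arg.fd) } else { None }
}

/// Fixed shape: the raw pointer is derived from a mutable reborrow, so the callee's
/// write is permitted and the read of `arg.fd` afterwards must observe it.
pub fn create_device_fixed(arg: &mut CreateDeviceArg) -> Option<u32> {
    let p: *mut CreateDeviceArg = &mut *arg;
    let ret = unsafe { fake_create_device_ioctl(p) };
    if ret == 0 { Some(arg.fd) } else { None }
}

fn main() {
    let mut arg = CreateDeviceArg { type_: 1, ..Default::default() };
    let fd = create_device_fixed(&mut arg);
    println!("fixed path returned fd = {:?}", fd);
}
```

Calling the buggy variant from a test run under Miri reports the write through a pointer derived from a shared reference, which makes this pattern checkable in CI for code that wraps ioctls.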

Related Identifiers

RUSTSEC-2024-0428

Affected Products

Kvm-Ioctls