The KVM implementation in the Linux kernel through 4.14.7 allows attackers to cause a denial of service (write_mmio stack-based out-of-bounds read) or possibly have unspecified other impact, related to arch/x86/kvm/x86.c and include/trace/events/kvm.h.
Gentoo Security Padawan
Accepted upstream: https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?h=linux-4.14.y&id=653c41ac4729261cb356ee1aff0f3f4f342be1eb. It has been part of 4.14.x since 4.14.14.
Fix in 4.9.77, 4.14.14, 4.15.