The ioapicdeliver function in virt/kvm/ioapic.c in the Linux kernel through 3.14.1 does not properly validate the kvmirqdeliverytoapic return value, which allows guest OS users to cause a denial of service (host OS crash) via a crafted entry in the redirection table of an I/O APIC. NOTE: the affected code was moved to the ioapicservice function before the vulnerability was announced.