The msr_mtrr_valid function in arch/x86/kvm/mtrr.c in the Linux kernel
before 4.6.1 supports MSR 0x2f8, which allows guest OS users to read or
write to the kvm_arch_vcpu data structure, and consequently obtain
sensitive information or cause a denial of service (system crash), via a
crafted ioctl call.

David Matlack discovered that the Kernel-based Virtual Machine (KVM)
implementation in the Linux kernel did not properly restrict variable
Memory Type Range Registers (MTRR) in KVM guests. A privileged user in a
guest VM could use this to cause a denial of service (system crash) in the
host, expose sensitive information from the host, or possibly gain
administrative privileges in the host.

 jdstrand> android kernels (flo, goldfish, grouper, maguro, mako and manta) are
  not supported on the Ubuntu Touch 14.10 and earlier preview kernels
 jdstrand> linux-lts-saucy no longer receives official support
 jdstrand> linux-lts-quantal no longer receives official support
 sbeattie> x86 issue only