A flaw was found in the Linux kernel’s Kernel-based virtual machine (KVM) subsystem for AMD’s Secure virtual machine (SVM). The issue occurs when using the created_vcpus list to iterate over vCPUs instead of the online_vcpus list, leading to a possible NULL pointer dereference. This vulnerability impacts the encryption of Virtual Machine Save Areas (VMSAs) for Secure Encrypted Virtualization (SEV).