kernel: macvtap: zerocopy: vector length is not validated before pinning user pages
Buffer overflow in the macvtap device driver in the Linux kernel before 3.4.5, when running in certain configurations, allows privileged KVM guest users to cause a denial of service crash via a long descriptor with a long vector length...