Inside kvm_main.c there is a case that is unsafe.
The bug is that RtlCopyBytes unconditionally reads 32 bytes from the system buffer (which is not guaranteed to be at least 32 bytes long) into a local kvm_userspace_memory_region structure.
When the buffer is shorter than that, the read runs past its end and the system bug checks with SYSTEM_SERVICE_EXCEPTION.
One potential fix is to use aehdCopyInputBuffer and check its result before touching the structure.
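The unchecked-copy pattern and the checked alternative, as an added illustration that is not code from the driver: the struct layout is KVM's (32 bytes), but `copy_input_buffer`, its status codes and `set_memory_region` are hypothetical stand-ins, since the page does not give the signature of aehdCopyInputBuffer.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Layout of the KVM structure the ioctl expects: 4 + 4 + 8 + 8 + 8 = 32 bytes. */
struct kvm_userspace_memory_region {
    uint32_t slot;
    uint32_t flags;
    uint64_t guest_phys_addr;
    uint64_t memory_size;
    uint64_t userspace_addr;
};

/* Hypothetical status codes standing in for NTSTATUS values. */
enum { AEHD_OK = 0, AEHD_BUFFER_TOO_SMALL = -1 };

/* Hypothetical stand-in for aehdCopyInputBuffer: copy exactly `want` bytes from
 * the caller-supplied system buffer and refuse when that buffer is shorter. */
static int copy_input_buffer(void *dst, size_t want,
                             const void *sysbuf, size_t sysbuf_len)
{
    if (sysbuf == NULL || sysbuf_len < want)
        return AEHD_BUFFER_TOO_SMALL;
    memcpy(dst, sysbuf, want);
    return AEHD_OK;
}

/* The reported bug, in outline (deliberately not executed here):
 *     RtlCopyBytes(&region, sysbuf, 32);
 * With a 16-byte system buffer this reads 16 bytes past its end, which is
 * what triggers the SYSTEM_SERVICE_EXCEPTION bug check. */

/* Checked handler: the struct is only read once the input buffer is known to
 * hold all 32 bytes; a short buffer is rejected instead of over-read. */
static int set_memory_region(const void *sysbuf, size_t sysbuf_len,
                             struct kvm_userspace_memory_region *out)
{
    struct kvm_userspace_memory_region region;
    int st = copy_input_buffer(&region, sizeof(region), sysbuf, sysbuf_len);
    if (st != AEHD_OK)
        return st;
    *out = region;
    return AEHD_OK;
}
```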