In the Linux kernel, the following vulnerability has been resolved:

KVM: x86: check for nEPT/nNPT in slow flush hypercalls

Checking is_guest_mode(vcpu) is incorrect, because translate_nested_gpa()
is only valid if an L2 guest is running *with nested EPT/NPT enabled*.
Instead use the same condition as translate_nested_gpa() itself.