A use-after-free issue was found in the Megaraid emulator of the QEMU. It occurs while processing SCSI I/O requests because in case of an error mptsas_free_request() does not dequeue request object 'req' from a pending requests' queue. Which later gets processed resulting in the said use-after-free issue. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in a denial of service scenario.
A use-after-free issue was found in the Megaraid emulator of the QEMU. It occurs while processing SCSI I/O requests because in case of an error mptsas_free_request() does not dequeue request object 'req' from a pending requests' queue. Which later gets processed resulting in the said use-after-free issue. A privileged guest user may use this flaw to crash the QEMU process on the host resulting in a denial of service scenario.
https://bugzilla.redhat.com/show_bug.cgi?id=1924042 https://bugs.launchpad.net/qemu/+bug/1914236
Vulmon