The virtqueue_map_desc function in hw/virtio/virtio.c in QEMU (aka Quick Emulator) allows local guest OS administrators to cause a denial of service (NULL pointer dereference and QEMU process crash) via a large I/O descriptor buffer length value.
| Product | Vendor | Version |
|---|---|---|
| n/a | n/a | 23.0 ap373872 |