In Qemu 3
In Qemu 3.0.0, lsi_do_msgin in hw/scsi/lsi53c895a.c allows out-of-bounds access by triggering an invalid msg_len value.
Exploitability
AV:L
AC:L
PR:L
UI:N
Scope
S:U
Impact
C:N
I:N
A:H
5.5/CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H