A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both s->data_count and the size of s->fifo_buffer are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition.
Exploitability
AV:LAC:LPR:HUI:NScope
S:CImpact
C:NI:NA:H6/CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:HOther