A flaw was found in qemu v4.0 and newer. An out-of-bounds write in the PBP bitmap can be triggered if a ramblock is removed and re-added and receives the exact same address, causing qemu to crash.

Upstream patches:
https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg05673.html
https://lists.gnu.org/archive/html/qemu-devel/2019-07/msg05668.html