QEMU emulator built with the AHCI emulator support is vulnerable to a NULL pointer dereference issue. It could occur while committing DMA buffer in ahci_commit_buf() if the command header 'ad->cur_cmd' is null. A privileged guest user could use this flaw to crash the QEMU process instance resulting in DoS. Upstream Patch: -> https://lists.gnu.org/archive/html/qemu-devel/2019-08/msg01358.html
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1759911] Created xen tracking bugs for this issue: Affects: fedora-all [bug 1759910]
Statement: The qemu-kvm package versions as shipped with Red Hat Enterprise Linux 6 and 7 are not affected by this issue. The qemu-kvm package version as shipped with Red Hat Enterprise Linux 8 is affected by this issue. Future qemu-kvm updates for Red Hat Enterprise Linux 8 may address this issue.