A flaw was found in QEMU in the way it handles a list of open file descriptors. Improper synchronization of this list can lead to a use-after-free.
Created qemu tracking bugs for this issue:
Affects: epel-7 [bug 1927009]
Affects: fedora-all [bug 1927008]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
This issue does not affect the versions of `qemu-kvm` as shipped with Red Hat products, as they do not include support for the virtio 9p backend.