A flaw was found in QEMU in the way it handles a list of open file descriptors. Improper synchronization of this list can lead to a use-after-free. Reference: https://bugs.launchpad.net/qemu/+bug/1911666 Upstream patch: https://git.qemu.org/?p=qemu.git;a=commit;h=89fbea8737e8f7b954745a1ffc4238d377055305
Created qemu tracking bugs for this issue: Affects: epel-7 [bug 1927009] Affects: fedora-all [bug 1927008]
External References: https://bugs.launchpad.net/qemu/+bug/1911666
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-20181
Statement: This issue does not affect the versions of `qemu-kvm` as shipped with Red Hat products, as they do not include support for the virtio 9p backend.