A flaw was found in libnbd. An assertion failure in in nbd_unlocked_opt_go in ilb/opt.c may lead to denial of service.
Upstream fix: https://gitlab.com/nbdkit/libnbd/-/commit/fb4440de9cc76e9c14bd3ddf3333e78621f40ad0
It's really all Eric's work, I just tested his patch.
Acknowledgments: Name: Eric Blake (Red Hat)
Statement: Red Hat Enterprise Linux 8 is not affected by this issue. The affected API was introduced in upstream `libnbd` version 1.4 which is only shipped in RHEL Advanced Virtualization 8.3.0 onward.