Guest driver might execute HW commands when shared buffers are not yet allocated, potentially leading to a use-after-free condition.
Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 2069627]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):
This is yet to be merged upstream:
Hi. This appears to have been merged a few days later :)