A heap based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to crash the QEMU process on the host, resulting in a denial of service condition. Upstream patch: https://patchew.org/QEMU/20240404085549.16987-1-philmd@linaro.org/ oss-fuzz bug: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=58813
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 2274124]
Patch v2: https://patchew.org/QEMU/20240409145524.27913-1-philmd@linaro.org/
Upstream commit: https://gitlab.com/qemu-project/qemu/-/commit/9e4b27ca6bf4974f169bbca7f3dca117b1208b6f