An uninitialized local variable in cputlb tlb_set_page_with_attrs causes a SIGSEGV in io_readx/io_writex via address_space_translate_for_iotlb when a CPU accesses an unmapped IOMMU via memory_region_register_iommu_notifier.
According to https://www.qemu.org/docs/master/system/security.html#non-virtualization-use-case, bugs affecting the Tiny Code Generator (TCG) are not considered security bugs at this time. As a result, Red Hat Product Security does not consider this bug to be a security issue.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):