Launchpad.net

CVE 2020-13754

hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation.

See the CVE page on Mitre.org for more details.