Andrew Henderson

**Name of the Vulnerable Software and Affected Versions** QEMU (aka Quick Emulator) version 9 (affected versions not specified) **Description** The issue allows local guest OS administrators to cause a denial of service by sending an empty string parameter to a 9P operation, resulting in a NULL pointer dereference and QEMU process crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU (aka Quick Emulator) (affected versions not specified) **Description** The issue allows local guest OS administrators to cause a denial of service, resulting in an infinite loop and CPU consumption. This is due to a failure to limit the ring descriptor count in the `rtl8139 cplus transmit` function. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.