Conor Murphy

**Name of the Vulnerable Software and Affected Versions** qemu-kvm version 0.14.0 **Description** The issue is related to multiple heap-based buffer overflows in the virtio-blk driver. This can be exploited by local guest users to cause a denial of service, potentially leading to a guest crash, and may also allow them to gain privileges. The exploitation can occur through a write request to the `virtio blk handle write` function or a read request to the `virtio blk handle read` function that is not properly aligned. **Recommendations** For qemu-kvm version 0.14.0, consider updating to a newer version that addresses the buffer overflow issues in the virtio-blk driver. As a temporary workaround, restrict access to the `virtio blk handle write` and `virtio blk handle read` functions to minimize the risk of exploitation.