Qemu · Qemu · CVE-2024-24474
**Name of the Vulnerable Software and Affected Versions**
QEMU versions prior to 8.2.0
**Description**
The issue is an integer underflow, and a resultant buffer overflow, in QEMU that can be triggered through a TI command when the expected non-DMA transfer length is less than the length of the data available in the FIFO. It occurs in the `esp_do_nodma` function in `hw/scsi/esp.c` because `async_len` underflows. Exploiting this issue may allow a remote attacker to cause a denial of service.
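To make the bug class concrete, the following constructed C model (added here; it is not QEMU's code, and the struct, buffer sizes and the names `esp_do_nodma_step` and `run_scenario` are illustrative) shows one non-DMA transfer step with the unchecked copy length beside the clamped one that keeps `async_len` from wrapping:

```c
#include <stdint.h>
#include <string.h>

#define FIFO_SZ 16   /* constructed sizes, not QEMU's */
#define BUF_SZ  8

struct esp_model {
    uint8_t  fifo[FIFO_SZ];
    uint32_t fifo_used;          /* bytes the guest has pushed into the FIFO */
    uint8_t  async_buf[BUF_SZ];  /* destination of the non-DMA transfer */
    uint32_t async_off;          /* bytes already copied into async_buf */
    uint32_t async_len;          /* bytes still expected for this transfer */
};

/* One non-DMA transfer step. The vulnerable path takes the copy length
 * from the FIFO fill level alone; the hardened path clamps it to the bytes
 * still expected, so `async_len -= len` can never wrap. Returns the new
 * async_len, or -1 when the chosen length would wrap async_len or overrun
 * async_buf. The model refuses to copy in that case so the demo stays
 * memory-safe; the bug is that the unchecked path reaches that state. */
int64_t esp_do_nodma_step(struct esp_model *s, int hardened)
{
    uint32_t len = s->fifo_used;
    if (hardened && len > s->async_len) {
        len = s->async_len;          /* the fix: clamp to expected length */
    }
    if (len > s->async_len || len > BUF_SZ - s->async_off) {
        return -1;                   /* underflow or overrun would occur */
    }
    memcpy(s->async_buf + s->async_off, s->fifo, len);
    memmove(s->fifo, s->fifo + len, s->fifo_used - len);
    s->fifo_used -= len;
    s->async_off += len;
    s->async_len -= len;
    return (int64_t)s->async_len;
}

/* Build a constructed scenario (guest expects `expected` bytes but has
 * queued `queued`) and run one step; returns esp_do_nodma_step's result. */
int64_t run_scenario(uint32_t expected, uint32_t queued, int hardened)
{
    struct esp_model s;
    memset(&s, 0, sizeof(s));
    s.fifo_used = queued < FIFO_SZ ? queued : FIFO_SZ;
    for (uint32_t i = 0; i < s.fifo_used; i++) s.fifo[i] = (uint8_t)i;
    s.async_len = expected;
    return esp_do_nodma_step(&s, hardened);
}
```

With 12 bytes queued but only 4 expected, the unchecked path would drive `async_len` to 4294967288, which is the state the advisory describes; the clamped path copies 4 bytes and finishes cleanly.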
**Recommendations**
For QEMU versions prior to 8.2.0, update to version 8.2.0 or later to resolve the issue. As a temporary workaround until a patch can be applied, consider restricting access to the `esp_do_nodma` function in `hw/scsi/esp.c`, and avoid relying on the `async_len` variable in the affected FIFO buffer component until the issue is resolved.