Peter Turschmid

Researcher from nutanix.com
#34062 of 53,633
7.7 Total CVSS
Vulnerabilities · 1
PT-2020-5091
7.7
2020-01-24
Qemu · Qemu · CVE-2020-1711
**Name of the Vulnerable Software and Affected Versions**

QEMU versions 2.12.0 through 4.2.1

**Description**

The issue is related to an out-of-bounds heap buffer access flaw in the iSCSI Block driver. This flaw can be exploited by a remote user to potentially execute arbitrary code or cause a denial of service by crashing the QEMU process. The exploitation is tied to how the iSCSI server response is handled during the checking of a Logical Address Block (LBA) status in the `iscsi_co_block_status()` routine.

**Recommendations**

For QEMU versions 2.12.0 through 4.2.1, update to version 4.2.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the iSCSI Block driver to minimize the risk of exploitation.