Zhenhao Hong

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** The issue allows local guest OS users to cause a denial of service, resulting in an out-of-bounds read and process crash. This is achieved via a scanout id in a VIRTIO GPU CMD SET SCANOUT command that is larger than num scanouts. The virtio gpu set scanout function in QEMU, built with Virtio GPU Device emulator support, is the affected component. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** QEMU (affected versions not specified) **Description** The issue is related to the `virgl cmd get capset` function in the Virtio GPU Device emulator support component of QEMU. It allows local guest OS users to cause a denial of service (out-of-bounds read and process crash) via a `VIRTIO GPU CMD GET CAPSET` command with a maximum capabilities size set to 0. This is due to a buffer data out-of-bounds read vulnerability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.