I once set up a Bugzilla 'Component Watching' rule on 'QEMU + CVE', and recently found a notification for BZ#1786026 about a heap overflow in sm501_2d_operation(): https://bugzilla.redhat.com/show_bug.cgi?id=1786026 As this is from December I suppose there was some embargo that recently expired. Apparently there is a CVE assigned but the information about it is private. I'm not sure the upstream community is already aware of this problem, but since we are in hard freeze and the bug can easily be avoided, I believe a 3-line patch is appropriate.
Philippe Mathieu-Daudé (2):
  hw/display/sm501: Avoid heap overflow in sm501_2d_operation()
  qtest: Test the Drawing Engine of the SM501 companion

 hw/display/sm501.c           |   6 ++
 tests/qtest/sm501-test.c     | 106 +++++++++++++++++++++++++++++++++++
 tests/qtest/Makefile.include |   2 +
 3 files changed, 114 insertions(+)
 create mode 100644 tests/qtest/sm501-test.c

-- 
2.21.1