CVE: CVE-2016-4439 Affected Product: Quick Emulator (Qemu) with ESP/NCR53C9x controller emulation support Vulnerability Type: Out-of-bounds (OOB) write access issue Description: The controller uses a 16-byte FIFO buffer for command and data transfer. The OOB write occurs while writing to this command buffer in . Impact: A privileged user inside the guest could crash the Qemu process, resulting in a Denial of Service (DoS) or potentially execute arbitrary code with the privileges of the Qemu process on the host. Patch: Available at: Upstream patch Reference: Bugzilla entry Discovered by: Li Qiang of 360.cn Inc. Assigned by: Red Hat Inc.