CVE-2020-13361: QEMU - es1370: OOB access due to incorrect frame count leads to DoS Vulnerability Description: An out-of-bounds access issue was found in the ES1370 audio device emulator of the QEMU virtual machine. This issue occurs in the 'audio_pcm_sw_read' function when reading audio byte streams from a channel. If the channel frame count is set to a malicious value, a guest user/process can exploit this flaw to crash the QEMU process on the host, leading to a Denial of Service (DoS) scenario. Affected Component: ES1370 audio device emulator in QEMU Introduced Vulnerability: OOB access caused by incorrect frame count Potential Impact: Crash of the QEMU process, leading to a DoS condition Upstream Patch: Available at this link Discovered By: Ren Ding & Hangqing Zhao of SSLab Georgia Tech CVE ID: CVE-2020-13361 CVE Requested Via: CVEform.mitre.org