Quick Emulator(QEMU) built with the Block driver for iSCSI images support (virtio-blk) is vulnerable to a heap-based buffer overflow issue. The flaw could occur while processing iSCSI asynchronous I/O ioctl(2) calls. A user inside a guest could exploit this flaw to crash the QEMU process resulting in denial of service, or potentially leverage it to execute arbitrary code with QEMU-process privileges on the host.