qemu-kvm is vulnerable to denial of service (DoS) attacks. The vulnerability exists as the net_checksum_calculate function in net/checksum.c in QEMU allows local guest OS users to cause a denial of service (out-of-bounds heap read and crash) via the payload length in a crafted packet.
git.qemu.org/?p=qemu.git%3Ba=commitdiff%3Bh=362786f14a753d8a5256ef97d7c10ed576d6572b
git.qemu.org/?p=qemu.git;a=commitdiff;h=362786f14a753d8a5256ef97d7c10ed576d6572b
rhn.redhat.com/errata/RHSA-2016-2670.html
rhn.redhat.com/errata/RHSA-2016-2671.html
rhn.redhat.com/errata/RHSA-2016-2704.html
rhn.redhat.com/errata/RHSA-2016-2705.html
rhn.redhat.com/errata/RHSA-2016-2706.html
rhn.redhat.com/errata/RHSA-2017-0083.html
rhn.redhat.com/errata/RHSA-2017-0309.html
rhn.redhat.com/errata/RHSA-2017-0334.html
rhn.redhat.com/errata/RHSA-2017-0344.html
rhn.redhat.com/errata/RHSA-2017-0350.html
www.openwall.com/lists/oss-security/2016/03/03/9
www.openwall.com/lists/oss-security/2016/03/07/3
www.securityfocus.com/bid/84130
www.ubuntu.com/usn/USN-2974-1
access.redhat.com/errata/RHSA-2016:2670
access.redhat.com/errata/RHSA-2016:2671
access.redhat.com/errata/RHSA-2016:2704
access.redhat.com/errata/RHSA-2016:2705
access.redhat.com/errata/RHSA-2016:2706
access.redhat.com/errata/RHSA-2017:0083
access.redhat.com/errata/RHSA-2017:0309
access.redhat.com/errata/RHSA-2017:0334
access.redhat.com/errata/RHSA-2017:0344
access.redhat.com/errata/RHSA-2017:0350
access.redhat.com/security/cve/CVE-2016-2857
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1296567
bugzilla.redhat.com/show_bug.cgi?id=1408389
lists.debian.org/debian-lts-announce/2018/11/msg00038.html