HCE2-SA-2022-0052 Moderate HCE 2.0 Security Fix(es): A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter emulation of QEMU. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. This flaw allows a malicious privileged user within the guest to crash the QEMU process on the host, resulting in a denial of service. (CVE-2022-0216) An infinite loop flaw was found in the USB xHCI controller emulation of QEMU while computing the length of the Transfer Request Block (TRB) Ring. This flaw allows a privileged guest user to hang the QEMU process on the host, resulting in a denial of service. (CVE-2020-14394) HCE 2.0 qemu-img-6.2.0-258.hce2.aarch64.rpm qemu-img-6.2.0-258.hce2.x86_64.rpm