The address_space_write_continue function in exec.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (out-of-bounds access and guest instance crash) by leveraging use of qemu_map_ram_ptr to access guest ram block area.
http://www.debian.org/security/2017/dsa-3925
http://www.openwall.com/lists/oss-security/2017/07/17/4
http://www.securityfocus.com/bid/99895
https://access.redhat.com/errata/RHSA-2017:3369
https://access.redhat.com/errata/RHSA-2017:3466
https://access.redhat.com/errata/RHSA-2017:3470
https://access.redhat.com/errata/RHSA-2017:3471
https://access.redhat.com/errata/RHSA-2017:3472
https://access.redhat.com/errata/RHSA-2017:3473
https://access.redhat.com/errata/RHSA-2017:3474
https://bugzilla.redhat.com/show_bug.cgi?id=1471638
https://lists.gnu.org/archive/html/qemu-devel/2017-07/msg03775.html
Source: MITRE
Published: 2017-08-02
Updated: 2020-11-10
Type: CWE-125
Base Score: 2.1
Vector: AV:L/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 3.9
Severity: LOW
Base Score: 4.4
Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 0.8
Severity: MEDIUM