qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a –br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
Source: NIST
CVE-2019-13164
Security in mind
qemu-bridge-helper.c in QEMU 4.0.0 does not ensure that a network interface name (obtained from bridge.conf or a –br=bridge option) is limited to the IFNAMSIZ size, which can lead to an ACL bypass.
Source: NIST
CVE-2019-13164