Amazon Linux AMI Security Advisory: ALAS-2021-1467
Advisory Release Date: 2021-01-12 22:51 Pacific
Advisory Updated Date: 2021-01-13 18:20 Pacific
A use-after-free issue was found in the SLiRP networking implementation of the QEMU emulator. The issue occurs in ip_reass() routine while reassembling incoming packets, if the first fragment is bigger than the m->m_dat buffer. A user or process could use this flaw to crash the QEMU process on the host, resulting in a denial of service. (CVE-2019-15890 )
Run yum update qemu-kvm to update your system.