QEMU 4.2.0 has a use-after-free in hw/net/e1000e_core.c because a guest OS user can trigger an e1000e packet with the data's address set to the e1000e's MMIO address. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available.
Use After Free
Memory Corruption
Information Disclosure
Qemu
Debian Linux
NVD
CVSS 3.1
3.3
EPSS
0.4%