hw/sparc64/sun4u.c in QEMU 3.1.50 is vulnerable to a NULL pointer dereference, which allows the attacker to cause a denial of service via a device driver.
lists.opensuse.org/opensuse-security-announce/2019-09/msg00000.html
www.securityfocus.com/bid/108024
fakhrizulkifli.github.io/posts/2019/01/03/CVE-2019-5008/
git.qemu.org/?p=qemu.git%3Ba=history%3Bf=hw/sparc64/sun4u.c%3Bhb=HEAD
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BOE3PVFPMWMXV3DGP2R3XIHAF2ZQU3FS/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RVDHJB2QKXNDU7OFXIHIL5O5VN5QCSZL/
usn.ubuntu.com/3978-1/