qemu is vulnerable to a heap-based buffer overflow. The vulnerability is due to insufficient bounds checking in the SDHCI device emulation code of QEMU, when both s->data_count and the size of s->fifo_buffer are set to 0x200, allows a malicious guest to crash the QEMU process on the host, resulting in a denial of service condition.