CVE-2017-5526 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2017-5526): Memory leak in hw/audio/es1370.c in QEMU (aka Quick Emulator) allows local guest OS privileged users to cause a denial of service (host memory consumption and QEMU process crash) via a large number of device unplug operations.
I do not see this in our bugs but I think it might be already covered by previous version. Please advise.
This is fixed in upstream commit 069eb7b2b8fc47c7cb52e5a4af23ea98d939e3da which is present in 2.9.0.
we fixed this bug in our 2.8.0-r1 *** This bug has been marked as a duplicate of bug 606264 ***