A vulnerability in the Bluetooth subsystem of QEMU could allow a local attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to improper handling of negative values for length variables by the affected software. In certain routines where the length parameter is a signed integer, it subsequently converts to an unsigned integer resulting in the memcpy() function copying large amounts of memory. An attacker could exploit the vulnerability by accessing the system and executing an application that submits malicious input to the affected software. An exploit could trigger an integer overflow condition that leads to memory corruption, which could result in a DoS condition. https://nvd.nist.gov/vuln/detail/CVE-2018-19665
