hw/pci/msix.c in QEMU 4.2.0 allows guest OS users to trigger an out-of-bounds access via a crafted address in an msi-x mmio operation. CREATE(Triage):(User=admin) [CVE-2020-13754|https://nvd.nist.gov/vuln/detail/CVE-2020-13754]