LSI SCSI Use After Free (CVE-2022-0216)

A use-after-free vulnerability was found in the LSI53C895A SCSI Host Bus Adapter. The flaw occurs while processing repeated messages to cancel the current SCSI request via the lsi_do_msgout function. A malicious privileged user within the guest could use this flaw to crash the QEMU process on the host. Crash is the most likely outcome from this bug (that is, the UAF is not exploitable). See STAR Labs security advisory [1] for more information.

[1] https://starlabs.sg/advisories/22/22-0216