Preface: Mount a drive image emulated as an SD card with qemu-system-x86_64.

qemu-system-x86_64 -smp cores=4 -m 1024 -device sdhci-pci -device sd-card,drive=mydrive -drive id=mydrive,if=none,format=raw,file=image.bin

Background:

QEMU Integration with other virtual machines

• VirtualBox uses some QEMU virtual hardware devices and has a built-in qemudede-based Dynamic re-compiler.Same as KQEMU.
• Xen HVM has device emulation based on the QEMU project to provide I/O virtualization to the virtual machines.
• Qemu on FreeBSD as host.It runs under Windows 2000, Windows XP, GNU/Linux (RedHat, Debian) and FreeBSD “host” systems.

QEMU can simulate a variety of hardware devices

• Android and ARM: QEMU emulates the ARMv7 instruction set using the NEON extension.It simulates the Integrated System / CP board,multi-function backplane.
• In Android OS because the VM memory page allocation is not continuous,PIPE driver will pass the remote data address
  to QEMU several times.

Design weakness: sdhci – While doing multi block SDMA, transfer block size may exceed the ‘s->fifo_buffer[s->buf_maxsz]’ size.

Impact: Resulting in a denial of service condition, or potentially execute arbitrary code with privileges of the QEMU process on the host.

Vulnerability details: Refer to link – https://nvd.nist.gov/vuln/detail/CVE-2020-17380