hw/rdma/vmw/pvrdma_cmd.c in QEMU allows attackers to cause a denial of service in create_cq_ring or create_qp_rings.