The virgl_cmd_get_capset function in hw/display/virtio-gpu-3d.c in QEMU built with Virtio GPU Device emulator support allows local guest OS users to cause a denial of service via a VIRTIO_GPU_CMD_GET_CAPSET command with a maximum capabilities size with a value of 0.