As one of the QEMU developers put it,
---
However this is hardly security critical as ati-vga is experimental and not fully implemented yet so anyone using it will likely get other problems (such as drivers not loading) before a guest could exploit this. I think QEMU only considers bugs in parts that are used for virtualisation via KVM as security problems so maybe this does not even need a CVE and could be normally reported/discussed on the mailing list.
---
See https://lists.gnu.org/archive/html/qemu-devel/2020-08/msg05528.html /mjt