CVE-2018-20815: QEMU: device_tree: heap buffer overflow while loading device tree blob

Severity: Critical

CVSS Score: 9.8

In QEMU 3.1.0, load_device_tree in device_tree.c calls the deprecated load_image function, which has a buffer overflow risk.