Salvatore Bonaccorso · Salvatore Bonaccorso · ff8ff40f
--- a/data/CVE/list
+++ b/data/CVE/list
@@ -23,8 +23,11 @@ CVE-2018-20193
 	RESERVED
 CVE-2018-20192
 	RESERVED
-CVE-2018-20191
+CVE-2018-20191 [pvrdma: uar_read leads to NULL dereference]
 	RESERVED
+	- qemu <unfixed>
+	- qemu-kvm <removed>
+	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg03066.html
 CVE-2018-20190 (In LibSass 3.5.5, a NULL Pointer Dereference in the function ...)
 	- libsass <unfixed> (low)
 	[stretch] - libsass <no-dsa> (Minor issue)
@@ -2189,8 +2192,11 @@ CVE-2018-20126
 	RESERVED
 CVE-2018-20125
 	RESERVED
-CVE-2018-20124
+CVE-2018-20124 [rdma: OOB access when building scatter-gather array]
 	RESERVED
+	- qemu <unfixed>
+	- qemu-kvm <removed>
+	NOTE: https://lists.gnu.org/archive/html/qemu-devel/2018-12/msg02822.html
 CVE-2018-20123 (pvrdma_realize in hw/rdma/vmw/pvrdma_main.c in QEMU has a Memory leak ...)
 	- qemu <unfixed> (low; bug #916442)
 	[stretch] - qemu <not-affected> (Vulnerable code not present)