Red Hat Security Advisory 2015-1512-01
https://packetstormsecurity.com/files/132859/RHSA-2015-1512-01.txt
https://packetstormsecurity.com/files/132859/Red-Hat-Security-Advisory-2015-1512-01.html
Wed, 29 Jul 2015 01:13:01 GMT

Red Hat Security Advisory 2015-1512-01 - KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap buffer overflow flaw was found in the way QEMU's IDE subsystem handled I/O buffer access while processing certain ATAPI commands. A privileged guest user in a guest with the CDROM drive enabled could potentially use this flaw to execute arbitrary code on the host with the privileges of the host's QEMU process corresponding to the guest.