Debian Linux Security Advisory 3088-1 - Paolo Bonzini of Red Hat discovered that the blit region checks were insufficient in the Cirrus VGA emulator in qemu-kvm, a full virtualization solution on x86 hardware. A privileged guest user could use this flaw to write into qemu address space on the host, potentially escalating their privileges to those of the qemu host process.
6d51c9785cd285e16b0e7f4bd78da7adb9790d24a60222ae3d8f03e864e15afe