Some distributions make virtfs-proxy-helper from QEMU either SUID or give it CAP_CHOWN file capabilities. This is a terrible idea. While virtfs-proxy-helper makes a flimsy check that its socket path does not already exist, that check is separated from the later use of the path, so it is vulnerable to a time-of-check/time-of-use (TOCTOU) race. This exploit should spawn a root shell, eventually, on vulnerable systems.
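Because the root cause is the privilege the distribution attaches to the helper (a setuid bit or a CAP_CHOWN file capability), the first thing an administrator wants is a quick way to tell whether a given install is in that state. The following audit script is an added example, not code from the original page or from QEMU; the install path is an assumption, since the page does not name where any distribution places virtfs-proxy-helper.

```shell
#!/bin/sh
# Added audit helper (not from the original page or QEMU): reports whether a
# binary carries the setuid bit or a file-capability set, the two packaging
# choices the page describes as making virtfs-proxy-helper exploitable.

# Print "setuid=yes" if FILE has the setuid bit set (POSIX `test -u`),
# otherwise "setuid=no".
check_setuid() {
    if [ -u "$1" ]; then
        echo "setuid=yes"
    else
        echo "setuid=no"
    fi
}

# Print the file capability set reported by getcap for FILE, "none" if getcap
# reports nothing, or "unknown" if getcap is not installed on this host.
check_fscaps() {
    if ! command -v getcap >/dev/null 2>&1; then
        echo "unknown"
        return 0
    fi
    caps=$(getcap "$1" 2>/dev/null)
    if [ -z "$caps" ]; then
        echo "none"
    else
        echo "$caps"
    fi
}

# Run both checks on FILE and print a one-line summary.
# Returns 0 when the binary is in the risky state the page describes
# (setuid, or any capability set mentioning cap_chown), 1 otherwise.
audit_helper() {
    file=$1
    if [ ! -e "$file" ]; then
        echo "$file: not present"
        return 1
    fi
    su=$(check_setuid "$file")
    caps=$(check_fscaps "$file")
    echo "$file: $su; fscaps: $caps"
    case "$su $caps" in
        *setuid=yes*|*cap_chown*) return 0 ;;
    esac
    return 1
}

# Usage: sh audit.sh /path/to/virtfs-proxy-helper   (path is an assumption;
# consult your distribution's package file list for the real location).
if [ -n "${1:-}" ]; then
    audit_helper "$1"
fi
```

A non-zero exit means neither indicator was found; "fscaps: unknown" only means getcap (from libcap) is missing, not that the binary is clean, so install it or inspect the package's post-install scripts before drawing a conclusion.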
1e19e91a7c1729b5f293f8ceb076d4d844b703cbb48b10bd6f16f7fb62c5f677