Multiple vulnerabilities have been discovered in qemu-kvm, a full
virtualization solution on x86 hardware based on Quick
Emulator(Qemu). The Common Vulnerabilities and Exposures project
identifies the following problems:
A privileged user/process inside guest could use this issue to crash
the Qemu process on the host leading to DoS.
A privileged user inside guest could use this flaw to consume excessive CPU
cycles on the host, resulting in DoS.
A privileged user inside guest could use this flaw to consume
excessive CPU cycles on the host, resulting in DoS situation.
Further issues fixed where the CVE requests are pending:
A privileged user inside guest could use this flaw to cause a DoS on the host
and/or potentially crash the Qemu process on the host.
A privileged user inside guest could use this flaw to leak the host
memory bytes resulting in DoS for other services.
A privileged user inside guest could use this flaw to crash the Qemu
process instance resulting in DoS.
A privileged user inside guest could use this flaw to leak host
memory, thus affecting other services on the host and/or potentially
crash the Qemu process on the host.
For Debian 7 Wheezy, these problems have been fixed in version
1.1.2+dfsg-6+deb7u18.
We recommend that you upgrade your qemu-kvm packages.
Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: <https://wiki.debian.org/LTS>