qemu-kvm is vulnerable to privilege escalation. It was found that qemu-kvm did not properly drop supplemental group privileges when the root user started guests from the command line (“/usr/libexec/qemu-kvm”) with the “-runas” option. A qemu-kvm process started this way could use this flaw to gain access to files on the host that are accessible to the supplementary groups and not accessible to the primary group.
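The general pattern for dropping root without leaving supplementary groups behind, with a post-drop check, as an added example (not QEMU's code and not taken from any of the advisories listed here). The function names `leftover_groups` and `drop_to_user` and the 64-entry group buffers are assumptions made for illustration.

```c
#define _DEFAULT_SOURCE
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <unistd.h>

/* Copy into out[] every gid in cur[] that is not in allowed[]; return the count.
 * A non-zero result after a privilege drop means inherited groups leaked through. */
static int leftover_groups(const gid_t *cur, int ncur,
                           const gid_t *allowed, int nallowed, gid_t *out)
{
    int n = 0;
    for (int i = 0; i < ncur; i++) {
        int ok = 0;
        for (int j = 0; j < nallowed; j++)
            if (cur[i] == allowed[j]) { ok = 1; break; }
        if (!ok)
            out[n++] = cur[i];
    }
    return n;
}

/* Drop from root to pw. Order matters: supplementary groups first (needs root),
 * then gid, then uid. Returns 0 on success, -1 on any failure (fail closed). */
static int drop_to_user(const struct passwd *pw)
{
    gid_t cur[64], want[64], extra[64];   /* 64 is an assumed upper bound */
    int nwant = 64, ncur;
    if (initgroups(pw->pw_name, pw->pw_gid) < 0) return -1; /* replaces root's groups */
    if (setgid(pw->pw_gid) < 0) return -1;
    if (setuid(pw->pw_uid) < 0) return -1;
    if (setuid(0) != -1) return -1;       /* regaining root must be impossible */
    /* Verify: the groups the kernel reports must lie within the user's own set. */
    if (getgrouplist(pw->pw_name, pw->pw_gid, want, &nwant) < 0) return -1;
    if ((ncur = getgroups(64, cur)) < 0) return -1;
    return leftover_groups(cur, ncur, want, nwant, extra) ? -1 : 0;
}

int main(int argc, char **argv)
{
    struct passwd *pw = argc > 1 ? getpwnam(argv[1]) : NULL;
    if (!pw || geteuid() != 0) {
        fprintf(stderr, "usage (as root): %s <user>\n", argv[0]);
        return 2;
    }
    if (drop_to_user(pw) < 0) { fprintf(stderr, "privilege drop failed\n"); return 1; }
    printf("dropped to uid=%d gid=%d\n", (int)getuid(), (int)getgid());
    return 0;
}
```

Skipping the `initgroups` call while keeping `setgid` and `setuid` reproduces the condition described above: the verification step then reports root's inherited groups as leftovers.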
lists.fedoraproject.org/pipermail/package-announce/2012-June/081972.html
lists.opensuse.org/opensuse-updates/2012-02/msg00009.html
rhn.redhat.com/errata/RHSA-2011-1531.html
secunia.com/advisories/45187
secunia.com/advisories/45188
secunia.com/advisories/45419
secunia.com/advisories/47157
secunia.com/advisories/47992
ubuntu.com/usn/usn-1177-1
www.openwall.com/lists/oss-security/2011/07/12/15
www.openwall.com/lists/oss-security/2011/07/12/5
www.osvdb.org/74752
www.securityfocus.com/bid/48659
access.redhat.com/errata/RHSA-2011:1531
access.redhat.com/security/updates/classification/#moderate
bugs.launchpad.net/qemu/+bug/807893
docs.redhat.com/docs/en-US/Red_Hat_Enterprise_Linux/6/html/6.2_Technical_Notes/qemu-kvm.html#RHSA-2011-1531
exchange.xforce.ibmcloud.com/vulnerabilities/68539
www.debian.org/security/2011/dsa-2282