qemu-kvm is vulnerable to arbitrary code execution. The flaw lies in the way qemu-kvm handled VSC_ATR messages when a guest was configured with a CCID (Chip/Smart Card Interface Devices) USB smart card reader in passthrough mode. An attacker able to connect to the host port used for such a device could use this flaw to crash the qemu-kvm process on the host or, possibly, escalate their privileges on the host.
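As an added example (not qemu's own code) of the defensive pattern behind this class of flaw: a VSC_ATR handler in C that validates the length carried in the message header against both the bytes actually received and the fixed-size ATR buffer before copying. The header layout, the MAX_ATR_SIZE value of 40 and the VSC_ATR constant are assumptions for illustration, not values taken from the advisory.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_ATR_SIZE 40   /* assumed size of the card's fixed ATR buffer */
#define VSC_ATR       3   /* assumed numeric value of the VSC_ATR message type */

typedef struct {          /* assumed wire header: three host-order 32-bit fields */
    uint32_t type, reader_id;
    uint32_t length;      /* payload length, chosen by whoever writes to the socket */
} VSCMsgHeader;

typedef struct { uint8_t atr[MAX_ATR_SIZE]; uint32_t atr_length; } PassthruCard;

/* An unchecked handler would memcpy(card->atr, payload, hdr.length) without
 * comparing against MAX_ATR_SIZE, so a length above 40 writes past the buffer.
 * Hardened shape: refuse the message before anything is copied.
 * Returns 0 when the ATR was stored, -1 when the message was rejected. */
static int handle_atr_checked(PassthruCard *card, const uint8_t *msg, size_t msg_len)
{
    VSCMsgHeader hdr;
    if (msg_len < sizeof hdr) return -1;              /* header must be complete */
    memcpy(&hdr, msg, sizeof hdr);
    if (hdr.type != VSC_ATR) return -1;
    if (hdr.length > msg_len - sizeof hdr) return -1; /* payload must be present */
    if (hdr.length > MAX_ATR_SIZE) {                  /* bound against the buffer */
        fprintf(stderr, "ATR size %u exceeds spec, ignoring\n", (unsigned)hdr.length);
        return -1;
    }
    memcpy(card->atr, msg + sizeof hdr, hdr.length);
    card->atr_length = hdr.length;
    return 0;
}

/* Constructed sample input: a benign VSC_ATR carrying a 5-byte ATR, and a
 * hostile one whose header claims a 200-byte ATR. Returns 1 if the benign
 * message is stored and the hostile one rejected, 0 otherwise. */
static int demo(void)
{
    uint8_t good[sizeof(VSCMsgHeader) + 5] = {0}, bad[sizeof(VSCMsgHeader) + 200] = {0};
    VSCMsgHeader h = { VSC_ATR, 0, 5 };
    memcpy(good, &h, sizeof h);
    memcpy(good + sizeof h, "\x3b\x90\x11\x00\x8a", 5);
    h.length = 200;
    memcpy(bad, &h, sizeof h);
    PassthruCard card = { {0}, 0 };
    int ok_good = handle_atr_checked(&card, good, sizeof good);
    int ok_bad  = handle_atr_checked(&card, bad, sizeof bad);
    return ok_good == 0 && card.atr_length == 5 && ok_bad == -1;
}
```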
git.qemu.org/?p=qemu-stable-0.15.git;a=log
git.qemu.org/?p=qemu.git;a=log;h=refs/heads/stable-1.0
rhn.redhat.com/errata/RHSA-2011-1777.html
rhn.redhat.com/errata/RHSA-2011-1801.html
access.redhat.com/errata/RHSA-2011:1801
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=751310