A flaw was found in the way the get_rx_bufs() function handled error conditions reported by vhost_get_vq_desc(). A privileged user in the guest could use this flaw to crash the host.
Statement: This issue does not affect Red Hat Enterprise Linux 5 and Red Hat Enterprise MRG 2. This issue affects the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 6. Future kernel updates for Red Hat Enterprise Linux 6 may address this issue.
Created kernel tracking bugs for this issue: Affects: fedora-all [bug 1081503]
Upstream patch submission: http://patchwork.ozlabs.org/patch/334291/
This issue has been addressed in the following products: RHEV-H and Agents for RHEL-6, via RHSA-2014:0339 https://rhn.redhat.com/errata/RHSA-2014-0339.html
This issue has been addressed in the following products: Red Hat Enterprise Linux 6, via RHSA-2014:0328 https://rhn.redhat.com/errata/RHSA-2014-0328.html
kernel-3.13.8-200.fc20 has been pushed to the Fedora 20 stable repository. If problems still persist, please make note of it in this bug report.
kernel-3.13.9-100.fc19 has been pushed to the Fedora 19 stable repository. If problems still persist, please make note of it in this bug report.