Upstream Qemu is vulnerable to sending malicious PRDT data to the host's
IDE and/or AHCI controller emulation. This could result in infinite loop or memory leakage on the host leading to unbounded resource consumption on the host.
A privileged user inside guest could use this flaw to crash the system,
resulting in DoS.
This issue did not affect the versions of the kvm package as shipped with Red Hat Enterprise Linux 5 and the versions of the qemu-kvm packages as shipped with Red Hat Enterprise Linux 6.
This issue affects the version of the qemu-kvm package as shipped with Red Hat Enterprise Linux 7, a future update may address this flaw.
Created qemu tracking bugs for this issue:
Affects: fedora-all [bug 1205103]
*** Bug 1205321 has been marked as a duplicate of this bug. ***