Izik Eidus found a bug in QEMU that allows priviledged guest user to control the address Cairo library uses to map it's memory and and therefore the guest can read/write into the whole QEMU address space.
Statement: The CVE-2010-0430 issue was fixed in the kvm packages for Red Hat Enterprise Linux 5 via RHSA-2010:0271, and fixed in the rhev-hypervisor package via RHSA-2010:0476. This CVE was not disclosed at the time the errata were released; therefore, it was not mentioned in them.