A flaw was found in the way QEMU handled VSC_ATR messages when the CCID card passthru device was used. A malicious client could use this flaw to crash the QEMU process or, potentially, escalate his privileges.
Created attachment 532114: Proposed patch
This issue has been addressed in the following products: Red Hat Enterprise Linux 6, via RHSA-2011:1777 https://rhn.redhat.com/errata/RHSA-2011-1777.html
This issue has been addressed in the following products: Red Hat Enterprise Linux EUS 6.1, via RHSA-2011:1801 https://rhn.redhat.com/errata/RHSA-2011-1801.html
Statement: This issue does not affect the versions of the kvm package as shipped with Red Hat Enterprise Linux 5.