A flaw was found in the way guest provided parameter validation was performed in vmware-vga driver in rectangle handling functionality. A privileged guest user could use this flaw to write into qemu address space on the host, pontentially escalating their privileges to that of qemu host process. Proposed upstream fix: https://www.mail-archive.com/qemu-devel@nongnu.org/msg261580.html Acknowledgements: Red Hat would like to thank the Advanced Threat Research team at Intel Security for reporting this issue.
Statement: Not vulnerable. This issue does not affect the qemu packages as shipped with Red Hat Enterprise Linux 5, 6 and 7.
Created qemu tracking bugs for this issue: Affects: fedora-all [bug 1153038]