[2/5] QEMU “drive_init()” Disk Format Security Bypass
A vulnerability has been reported in QEMU, which can be exploited by malicious, local users to bypass certain security restrictions.

The vulnerability is caused by the "drive_init()" function in vl.c determining the format of a disk from data contained in the disk's header. This can be exploited by a malicious user in a guest system to e.g. read arbitrary files on the host by writing a fake header to a raw formatted disk image.

The vulnerability is reported in version 0.9.1. Other versions may also be affected.

Solution:
Fixed in the SVN repository.
http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=4277

Provided and/or discovered by:
The vendor credits Avi Kivity.

Original Advisory:
http://lists.gnu.org/archive/html/qemu-devel/2008-04/msg00675.html
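As an added defender-side check (example code written for this page, not part of the advisory or of QEMU), the following Python inspects the leading bytes of an image the host believes is raw and reports which container format a header-based autoprobe would match, plus any qcow/qcow2 backing-file reference, which is the field that turns a guest-writable header into a host file read. The format magics are the public on-disk signatures; the qcow2-style sample header and the name "base.img" are constructed. The durable mitigation is to pin the format on the host side (QEMU's -drive accepts format=raw) so the header is never consulted.

```python
import struct
from typing import Optional

# Magic bytes at offset 0 that a header-based format autoprobe recognises
# (public on-disk signatures of the respective formats).
HEADER_MAGICS = (
    (b"QFI\xfb", "qcow/qcow2"),
    (b"QED\x00", "qed"),
    (b"OOOM", "cow"),
    (b"KDMV", "vmdk"),
    (b"COWD", "vmdk"),
    (b"# Disk DescriptorFile", "vmdk"),
    (b"conectix", "vpc"),
    (b"vhdxfile", "vhdx"),
    (b"Bochs Virtual HD Image", "bochs"),
    (b"WithoutFreeSpace", "parallels"),
    (b"<<< ", "vdi"),
)

def detect_container_format(header: bytes) -> Optional[str]:
    """Return the container format whose magic sits at offset 0, else None."""
    for magic, name in HEADER_MAGICS:
        if header.startswith(magic):
            return name
    return None

def qcow_backing_file(header: bytes) -> Optional[str]:
    """Backing file named by a qcow/qcow2 header, or None. Both versions keep
    backing_file_offset (u64) at byte 8 and backing_file_size (u32) at byte 16."""
    if not header.startswith(b"QFI\xfb") or len(header) < 20:
        return None
    off, size = struct.unpack_from(">QI", header, 8)  # big-endian fields
    if size == 0:
        return None
    if size > 1023 or off + size > len(header):  # reference beyond what we read
        return "<backing file reference outside the inspected header>"
    return header[off:off + size].decode("utf-8", errors="replace")

def audit_raw_image(header: bytes) -> dict:
    """Audit an image that is supposed to be raw: what would autoprobing make of it?"""
    fmt = detect_container_format(header)
    result = {"autoprobed_as": fmt or "raw", "suspicious": fmt is not None,
              "backing_file": None}
    if fmt == "qcow/qcow2":
        result["backing_file"] = qcow_backing_file(header)
    return result

def audit_file(path: str, nbytes: int = 4096) -> dict:
    with open(path, "rb") as f:  # only the header region is needed
        return audit_raw_image(f.read(nbytes))

# Constructed sample: a qcow2-style header (version 2, backing name at offset 72)
# sitting at the start of an image the host treats as raw, and a blank raw image.
CONSTRUCTED_NAME = b"base.img"
CONSTRUCTED_HEADER = (b"QFI\xfb" + struct.pack(">IQI", 2, 72, len(CONSTRUCTED_NAME))
                      + b"\x00" * (72 - 20) + CONSTRUCTED_NAME)
CLEAN_HEADER = b"\x00" * 512
```

Run audit_file() over every image a guest can write to; any result with "suspicious" set is an image whose format must not be left to autodetection.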
Original post by nitish