Published: 21 February 2013
The translate_desc function in drivers/vhost/vhost.c in the Linux kernel before 3.7 does not properly handle cross-region descriptors, which allows guest OS users to obtain host OS privileges by leveraging KVM guest OS privileges.
From the Ubuntu security team
A flaw was discovered in the Linux kernel's vhost driver used to accelerate guest networking in KVM-based virtual machines. A privileged guest user could exploit this flaw to crash the host system.
This is a bug in the vhost driver which was introduced in this commit: 3a4d5c94e959359ece6d6b55045c3f046677f55c