Red Hat Security Advisory 2015-1837-01 – KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm-rhev package provides the user-space component for running virtual machines using KVM. A heap-based buffer overflow issue was found in the QEMU emulator’s VNC display driver. It could occur while refreshing the VNC server’s display surface using the vnc_refresh_server_surface() routine. A privileged guest user could use this flaw to corrupt the heap memory and crash the QEMU process instance, or to potentially use it to execute arbitrary code on the host.