Some vulnerabilities have been reported in KVM, which can be exploited by malicious, local users to bypass certain security restrictions or cause a DoS (Denial of Service).

1) The block device backends do not properly check a guest's read or write attempts, which can be exploited out of a KVM guest system to e.g. crash the KVM host or potentially escape the virtualisation jail by writing into arbitrary host memory.

Note: Successful exploitation requires privileges to send specially crafted read or write requests to the block device backends.

This is related to vulnerability #7 in:
SA25073

2) Several vulnerabilities can be exploited by malicious, local users to bypass certain security restrictions or cause a DoS (Denial of Service).

For more information see vulnerabilities #1-#6 in:
SA25073

3) An error can be exploited by a guest to read arbitrary files on the host via a specially crafted disk header.

For more information:
SA30111

Solution
Release kvm-82 fixes CVE-2007-5729 and correctly fixes CVE-2007-1320 (previously incorrectly fixed by release kvm-69, CVE-2008-4539).
Further details available to Secunia VIM customers

Provided and/or discovered by
1) Ian Jackson
2, 3) Reported in KVM by Jamie Strandboge via a Debian bug report.

Changelog
Further details available to Secunia VIM customers

Original Advisory
1) http://marc.info/?l=debian-security&m=120343592917055&w=2
2, 3) http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=480011

http://sourceforge.net/project/shownotes.php?release_id=600309

Other references
Further details available to Secunia VIM customers

Deep Links
Links available to Secunia VIM customers