The redirect_stderr function in xnbd_common.c in xnbd-server and xndb-wrapper in xNBD 0.1.0 allow local users to overwrite arbitrary files via a symlink attack on /tmp/xnbd.log. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.
The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.