Red Hat warns that root users in guest systems virtualised with KVM may gain access to host’s entire storage devices. The vulnerability exists when a hosts makes available partitios or LVM volumes to the guest as raw disks via virtio. Then guest may send SCSI requests to underlying devices that gives him an access to entire device, not only to permitted partitions or volumes.

source: Heise Online
02.01.2012