Back in May was the big "VENOM" security vulnerability affect QEMU whereby VM security could be escaped through QEMU's virtual floppy disk drive. In June was a PCNET controller buffer overflow allowing a guest to escape to have host access. Today there's a similar security vulnerability going public about its virtual CD-ROM drive...
July 27, 2015
QEMU Vulnerability Exposes The Host Through Emulated CD-ROM Drive
Read more at Phoronix