CVE-2015-4106
http://xenbits.xen.org/xsa/advisory-131.html
Unmediated PCI register access in qemu
Qemu allows guests to not only read, but also write all parts of the PCI config space (but not extended config space) of passed through PCI devices not explicitly dealt with for (partial) emulation purposes.
logic error
http://xenbits.xen.org/xsa/xsa131-qemut-1.patch
http://xenbits.xen.org/xsa/xsa131-qemut-2.patch
http://xenbits.xen.org/xsa/xsa131-qemut-3.patch
http://xenbits.xen.org/xsa/xsa131-qemut-4.patch
http://xenbits.xen.org/xsa/xsa131-qemut-5.patch
http://xenbits.xen.org/xsa/xsa131-qemut-6.patch
http://xenbits.xen.org/xsa/xsa131-qemut-7.patch
http://xenbits.xen.org/xsa/xsa131-qemut-8.patch
Since the effect depends on the specific purpose of the the config space field, it’s not possbile to give a general statement about the exact impact on the host or other guests. Privilege escalation, host crash (Denial of Service), and leaked information all cannot be excluded.
DoS, privilege escalation, information leak