By causing a hot-unplug of the pci-isa bridge from within
guests the qemu process could access already freed memory.
A privileged user inside the guest could exploit that to
crash the guest instance or potentially execute arbitrary
code on the host (CVE-2011-1751).

The virtio-blk driver did not properly validate read and
write request. A privileged user inside the guest could
exploit that to cause a heap corruption and crash the guest
instance or potentially execute arbitrary code on the host
(CVE-2011-1750).