QEMU: user-to-root privesc inside VM via bad translation caching bugs.chromium.org 3 points by gbrown_ 9 years ago