Security Fix(es):

• A buffer overflow flaw was found in the way Linux kernel's vhost functionality that translates virtqueue buffers to IOVs, logged the buffer descriptors during migration. A privileged guest user able to pass descriptors with invalid length to the host when migration is underway, could use this flaw to increase their privileges on the host. (CVE-2019-14835)

https://access.redhat.com/errata/RHSA-2019:2827?sc_cid=701600000006NHXAA2