The compiler can optimise qemu's code in ways that read the same
value from shared memory twice, leading to double fetch
vulnerabilities. Specifically, data on the rings shared between
qemu and the hypervisor (to which the guest served by that qemu can
obtain mappings) can be fetched twice, once to validate it and again
to use it. In between, the guest can alter the contents, so the
value used is no longer the value that was checked, possibly
leading to arbitrary code execution in qemu.
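The following is an added illustration, not code from the advisory or from qemu, and it does not reproduce qemu's real ring or ioreq layout. A backend handler validates a guest-controlled size field on a shared page and then copies that many bytes; a hook stands in for the guest running on another CPU in the window between the check and the use. The vulnerable handler reads the field from the shared page twice (the `volatile` qualifier forces the reload so the race is reproducible; in real code the compiler may legally emit the same reload from a plain pointer), while the hardened handler fetches it once and checks and uses only its private copy. Structure names, the 16-byte capacity and the 64-byte payload are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed example: a request on a ring page the guest can write to
 * at any time. The real qemu ioreq/ring layout is not reproduced. */
struct ring_req {
    uint32_t size;      /* bytes of payload the backend should consume */
    uint8_t  data[64];  /* payload */
};

#define BACKEND_BUF 16  /* capacity the backend is validating against */

/* Stands in for the guest running concurrently during the window between
 * the backend's check and its use of the value. */
typedef void (*race_hook)(volatile struct ring_req *shared);

/* Vulnerable: `size` is fetched from shared memory twice. `out` is given
 * 64 bytes so the demo itself stays in bounds; the returned count shows
 * how many bytes the handler believed it was allowed to copy. */
int vulnerable_handle(volatile struct ring_req *shared, race_hook guest,
                      uint8_t *out)
{
    if (shared->size > BACKEND_BUF)          /* first fetch: check */
        return -1;
    if (guest)
        guest(shared);                       /* guest rewrites size here */
    uint32_t n = shared->size;               /* second fetch: use */
    memcpy(out, (const void *)shared->data, n); /* n may exceed BACKEND_BUF */
    return (int)n;
}

/* Hardened: read the field once into a private copy, then check and use
 * only that copy. The guest can still scribble on the ring, but it can no
 * longer make the value used differ from the value checked. */
int hardened_handle(volatile struct ring_req *shared, race_hook guest,
                    uint8_t *out)
{
    uint32_t n = shared->size;               /* the only fetch of size */
    if (n > BACKEND_BUF)
        return -1;
    if (guest)
        guest(shared);                       /* same window, now harmless */
    memcpy(out, (const void *)shared->data, n);
    return (int)n;
}

/* Guest behaviour for the scenario: the request passes the check with
 * size 8, then the guest bumps it to the full 64-byte payload. */
void guest_bump_size(volatile struct ring_req *shared)
{
    shared->size = 64;
}

/* Runs one handler against a constructed request; returns the byte count
 * the handler actually used, or -1 if it rejected the request. */
int run_scenario(int (*handler)(volatile struct ring_req *, race_hook,
                                uint8_t *),
                 race_hook guest)
{
    struct ring_req req;
    uint8_t out[64];
    memset(&req, 0xAB, sizeof req);          /* constructed payload */
    req.size = 8;
    return handler(&req, guest, out);
}

int main(void)
{
    printf("vulnerable, no race: %d\n", run_scenario(vulnerable_handle, NULL));
    printf("vulnerable, raced:   %d\n",
           run_scenario(vulnerable_handle, guest_bump_size));
    printf("hardened, raced:     %d\n",
           run_scenario(hardened_handle, guest_bump_size));
    return 0;
}
```

With the guest racing, the vulnerable handler reports 64 bytes copied against a 16-byte check, which in a real backend is the stack or heap overflow the advisory describes; the hardened handler copies the 8 bytes it validated. In production code the single fetch is usually spelled out with a read-once macro or a full copy of the request header, followed by a compiler barrier, so that the optimiser cannot reintroduce the second load.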
Malicious guest administrators can exploit this vulnerability to
take over the qemu process, elevating their privilege to that of the
qemu process.
In a system not using a device model stub domain (or other
techniques for deprivileging qemu), malicious guest administrators
can thus elevate their privilege to that of the host.