It was discovered that libvirt is accidentally leaking a file descriptor for /dev/mapper/control into the QEMU process. This file descriptor allows for privileged operations to be made against device mapper on the host. Thus a malicious QEMU has the potential to do serious damage to the host OS.