The slirp_smb function in net/slirp.c in QEMU 2.3.0 and earlier creates temporary files with predictable names, which allows local users to cause a denial of service (instantiation failure) by creating /tmp/qemu-smb.*-* files before the program. http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4037