Oracle Enterprise Linux has released security update for libvirt to fix the vulnerabilities.
Oracle Linux 7
Sucessful exploitation of the vulnerability can allow an attacker to:
1)allows remote attackers to bypass authentication and establish a VNC session by connecting to the server.
2)allows local users with storage_vol:create ACL but not domain:write permission to write to arbitrary files via a .. (dot dot) in a volume name.