The virConnect*HypervisorCPU APIs allow reporting CPU capabilities from arbitrary emulator binaries without checking for a read-only connection. This allows unprivileged users to execute arbitrary binaries with elevated privileges.