The source of this vulnerability is a buffer overflow in the virtual floppy disk controller. The bug is present since 2004 in the open source QEMU emulator, whose legacy controller is now used in Xen, KVM, and Virtualbox virtualization platforms. Bochs, VMWare, and Microsoft Hyper-V are immune to the bug.
Upcoming updates of affected platforms will introduce corrections to bugs already announced; meanwhile, the easiest remedy is to disable the floppy driver on the virtualization platform. On the other hand in 2015 you can do without the floppy in most cases.