From: Pat Riehecky <riehecky-13hema8v3vg <at> public.gmane.org>
Subject: Security ERRATA Important: kvm on SL5.x x86_64
Newsgroups: gmane.linux.scientific.errata
Date: Tuesday 9th April 2013 19:43:40 UTC
Synopsis:          Important: kvm security update
Issue Date:        2013-04-09
CVE Numbers:       CVE-2013-1796
                   CVE-2013-1797
                   CVE-2013-1798
--

A flaw was found in the way KVM handled guest time updates when the buffer
the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state
register (MSR) crossed a page boundary. A privileged guest user could use
this flaw to crash the host or, potentially, escalate their privileges,
allowing them to execute arbitrary code at the host kernel level.
(CVE-2013-1796)

A potential use-after-free flaw was found in the way KVM handled guest
time updates when the GPA (guest physical address) the guest registered by
writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into
a movable or removable memory region of the hosting user-space process (by
default, QEMU-KVM) on the host. If that memory region is deregistered from
KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory
reused, a privileged guest user could potentially use this flaw to
escalate their privileges on the host. (CVE-2013-1797)

A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable
Interrupt Controller). A missing validation check in the
ioapic_read_indirect() function could allow a privileged guest user to
crash the host, or read a substantial portion of host kernel memory.
(CVE-2013-1798)

The system must be rebooted for this update to take effect.
--

SL5
  x86_64
    kmod-kvm-83-262.el5_9.3.x86_64.rpm
    kmod-kvm-debug-83-262.el5_9.3.x86_64.rpm
    kvm-83-262.el5_9.3.x86_64.rpm
    kvm-debuginfo-83-262.el5_9.3.x86_64.rpm
    kvm-qemu-img-83-262.el5_9.3.x86_64.rpm
    kvm-tools-83-262.el5_9.3.x86_64.rpm

- Scientific Linux Development Team
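
Added example, not part of the original erratum or of Scientific Linux tooling: a Python check that compares installed kvm packages against the fixed builds listed above. It assumes input in the form produced by `rpm -qa --qf '%{NAME} %{VERSION} %{RELEASE} %{ARCH}\n'`, that no epoch is set on these packages, and uses a constructed sample in place of a real host; `rpmvercmp` here is a simplified reimplementation of RPM's ordering without tilde/caret handling.

```python
import re

# Fixed builds from the advisory (SL5 x86_64): every package is 83-262.el5_9.3.
FIXED = {name: ("83", "262.el5_9.3") for name in (
    "kmod-kvm", "kmod-kvm-debug", "kvm", "kvm-debuginfo",
    "kvm-qemu-img", "kvm-tools")}

def rpmvercmp(a, b):
    """Return -1, 0 or 1 using RPM-style segment comparison (simplified)."""
    sa = re.findall(r"\d+|[A-Za-z]+", a)
    sb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)             # compare numbers numerically
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def audit(query_output):
    """Map each installed advisory package to True if at or above the fixed build."""
    result = {}
    for line in query_output.strip().splitlines():
        name, version, release, arch = line.split()
        if name not in FIXED or arch != "x86_64":
            continue
        fixed_version, fixed_release = FIXED[name]
        order = rpmvercmp(version, fixed_version) or rpmvercmp(release, fixed_release)
        # If several builds of one package are installed, any old one counts.
        result[name] = result.get(name, True) and order >= 0
    return result

# Constructed sample of rpm query output (not taken from a real system).
SAMPLE = """
kvm 83 262.el5_9.3 x86_64
kmod-kvm 83 262.el5_9.1 x86_64
kvm-tools 83 249.el5 x86_64
kvm-qemu-img 83 262.el5_9.4 x86_64
bash 3.2 32.el5 x86_64
"""

if __name__ == "__main__":
    for pkg, ok in sorted(audit(SAMPLE).items()):
        print(f"{pkg}: {'fixed' if ok else 'needs update'}")
```

A passing package check does not show that the fixed module is the one loaded; as the erratum states, the system must be rebooted for the update to take effect.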
 