Subject: | |
From: | |
Reply To: | |
Date: | Tue, 9 Feb 2010 11:33:28 -0600 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Important: kvm security and bug fix update
Issue date: 2010-02-09
CVE Names: CVE-2010-0297 CVE-2010-0298 CVE-2010-0306
CVE-2010-0309
The x86 emulator implementation was missing a check for the Current
Privilege Level (CPL) and I/O Privilege Level (IOPL). A user in a guest
could leverage these flaws to cause a denial of service (guest crash) or
possibly escalate their privileges within that guest. (CVE-2010-0298,
CVE-2010-0306)
A flaw was found in the Programmable Interval Timer (PIT) emulation.
Access to the internal data structure pit_state, which represents the
data state of the emulated PIT, was not properly validated in the
pit_ioport_read() function. A privileged guest user could use this flaw
to crash the host. (CVE-2010-0309)
A flaw was found in the USB passthrough handling code. A
specially-crafted USB packet sent from inside a guest could be used to
trigger a buffer overflow in the usb_host_handle_control() function,
which runs under the QEMU-KVM context on the host. A user in a guest
could leverage this flaw to cause a denial of service (guest hang or
crash) or possibly escalate their privileges within the host.
(CVE-2010-0297)
This update also fixes the following bugs:
* pvclock MSR values were not preserved during remote migration, causing
time drift for guests. (BZ#537028)
* SMBIOS table 4 data is now generated for Windows guests. (BZ#545874)
* if the qemu-kvm "-net user" option was used, unattended Windows XP
installations did not receive an IP address after reboot. (BZ#546562)
* when being restored from migration, a race condition caused Windows
Server 2008 R2 guests to hang during shutdown. (BZ#546563)
* the kernel symbol checking on the kvm-kmod build process has a safety
check for ABI changes. (BZ#547293)
* on hosts without high-res timers, Windows Server 2003 guests
experienced significant time drift. (BZ#547625)
* in some situations, installing Windows Server 2008 R2 from an ISO
image resulted in a blue screen "BAD_POOL_HEADER" stop error. (BZ#548368)
* a bug in the grow_refcount_table() error handling caused infinite
recursion in some cases. This caused the qemu-kvm process to hang and
eventually crash. (BZ#552159)
* for Windows Server 2003 R2, Service Pack 2, 32-bit guests, an
"unhandled vm exit" error could occur during reboot on some systems.
(BZ#552518)
* for Windows guests, QEMU could attempt to stop a stopped audio device,
resulting in a "snd_playback_stop: ASSERT playback_channel->base.active
failed" error. (BZ#552519)
* the Hypercall driver did not reset the device on power-down. (BZ#552528)
* mechanisms have been added to make older savevm versions to be emitted
in some cases. (BZ#552529)
* an error in the Makefile prevented users from using the source RPM to
install KVM. (BZ#552530)
* guests became unresponsive and could use up to 100% CPU when running
certain benchmark tests with more than 7 guests running simultaneously.
(BZ#553249)
* QEMU could terminate randomly with virtio-net and SMP enabled.
(BZ#561022)
NOTE - The following procedure must be performed before this update will
take effect:
1) Stop all KVM guest virtual machines.
2) Either reboot the hypervisor machine or, as the root user, remove
(using "modprobe -r [module]") and reload (using "modprobe [module]")
all of the following modules which are currently running (determined
using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.
3) Restart the KVM guest virtual machines.
SL 5.x
SRPMS:
kvm-83-105.el5_4.22.src.rpm
x86_64:
kmod-kvm-83-105.el5_4.22.x86_64.rpm
kvm-83-105.el5_4.22.x86_64.rpm
kvm-qemu-img-83-105.el5_4.22.x86_64.rpm
kvm-tools-83-105.el5_4.22.x86_64.rpm
-Connie Sieh
-Troy Dawson
|
|
|