Synopsis: Moderate: kvm security update
Issue date: 2010-12-06
CVE Names: CVE-2010-3698
A flaw was found in the way QEMU-KVM handled the reloading of fs and gs
segment registers when they had invalid selectors. A privileged host
user with access to "/dev/kvm" could use this flaw to crash the host
(denial of service). (CVE-2010-3698)
The following procedure must be performed before this update will take
effect:
1) Stop all KVM guest virtual machines.
2) Either reboot the hypervisor machine or, as the root user, remove
(using "modprobe -r [module]") and reload (using "modprobe [module]")
all of the following modules which are currently running (determined
using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.
3) Restart the KVM guest virtual machines.
SL 5.x
SRPMS:
kvm-83-164.el5_5.25.src.rpm
x86_64:
kmod-kvm-83-164.el5_5.25.x86_64.rpm
kvm-83-164.el5_5.25.x86_64.rpm
kvm-qemu-img-83-164.el5_5.25.x86_64.rpm
kvm-tools-83-164.el5_5.25.x86_64.rpm
-Connie Sieh
-Troy Dawson