SCIENTIFIC-LINUX-ERRATA Archives

April 2013

SCIENTIFIC-LINUX-ERRATA@LISTSERV.FNAL.GOV

From: Pat Riehecky
Date: Tue, 9 Apr 2013 19:43:40 +0000

Synopsis:          Important: kvm security update
Issue Date:        2013-04-09
CVE Numbers:       CVE-2013-1796
                   CVE-2013-1797
                   CVE-2013-1798
--

A flaw was found in the way KVM handled guest time updates when the buffer
the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state
register (MSR) crossed a page boundary. A privileged guest user could use
this flaw to crash the host or, potentially, escalate their privileges,
allowing them to execute arbitrary code at the host kernel level.
(CVE-2013-1796)

A potential use-after-free flaw was found in the way KVM handled guest
time updates when the GPA (guest physical address) the guest registered by
writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into
a movable or removable memory region of the hosting user-space process (by
default, QEMU-KVM) on the host. If that memory region is deregistered from
KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory
reused, a privileged guest user could potentially use this flaw to
escalate their privileges on the host. (CVE-2013-1797)

A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable
Interrupt Controller). A missing validation check in the
ioapic_read_indirect() function could allow a privileged guest user to
crash the host, or read a substantial portion of host kernel memory.
(CVE-2013-1798)

The system must be rebooted for this update to take effect.
--

SL5
  x86_64
    kmod-kvm-83-262.el5_9.3.x86_64.rpm
    kmod-kvm-debug-83-262.el5_9.3.x86_64.rpm
    kvm-83-262.el5_9.3.x86_64.rpm
    kvm-debuginfo-83-262.el5_9.3.x86_64.rpm
    kvm-qemu-img-83-262.el5_9.3.x86_64.rpm
    kvm-tools-83-262.el5_9.3.x86_64.rpm

- Scientific Linux Development Team
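
A patch-level check for the packages listed above, as an added example that is not part of the original advisory: it compares installed version-release strings against 83-262.el5_9.3 using a simplified form of rpm's segment-wise version comparison. It assumes input produced by `rpm -q --qf '%{NAME} %{VERSION} %{RELEASE}\n'` and ignores epochs; the function names and sample lines are constructed for illustration.

```python
import re

# Fixed build and package names taken from the advisory's SL5 x86_64 list.
FIXED_VERSION, FIXED_RELEASE = "83", "262.el5_9.3"
PACKAGES = {"kmod-kvm", "kmod-kvm-debug", "kvm", "kvm-debuginfo",
            "kvm-qemu-img", "kvm-tools"}

def rpm_vercmp(a, b):
    """Simplified rpm version compare (no epoch, '~' or '^'): -1, 0 or 1."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # compare numerically, so 10 > 3
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment beats letters
        if x != y:
            return -1 if x < y else 1
    # All shared segments equal: the string with segments left over is newer.
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def unpatched(rpm_output):
    """Return name-version-release of listed packages older than the fix."""
    stale = []
    for line in rpm_output.splitlines():
        fields = line.split()
        if len(fields) != 3 or fields[0] not in PACKAGES:
            continue                         # unrelated package or odd line
        name, version, release = fields
        order = (rpm_vercmp(version, FIXED_VERSION)
                 or rpm_vercmp(release, FIXED_RELEASE))
        if order < 0:
            stale.append(f"{name}-{version}-{release}")
    return stale

# Constructed sample input, not output from a real host.
SAMPLE = """\
kvm 83 262.el5_9.1
kmod-kvm 83 262.el5_9.3
kvm-qemu-img 83 262.el5
kvm-tools 83 262.el5_9.10
kernel 2.6.18 348.el5
"""

if __name__ == "__main__":
    for nvr in unpatched(SAMPLE):
        print("needs update:", nvr)
```

Because the advisory requires a reboot, an empty result only shows what is installed, not which kvm module the running host has loaded.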
