Subject: | |
From: | |
Reply To: | |
Date: | Tue, 9 Apr 2013 19:43:40 +0000 |
Content-Type: | text/plain |
Parts/Attachments: |
|
|
Synopsis: Important: kvm security update
Issue Date: 2013-04-09
CVE Numbers: CVE-2013-1796
CVE-2013-1797
CVE-2013-1798
--
A flaw was found in the way KVM handled guest time updates when the buffer
the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state
register (MSR) crossed a page boundary. A privileged guest user could use
this flaw to crash the host or, potentially, escalate their privileges,
allowing them to execute arbitrary code at the host kernel level.
(CVE-2013-1796)
A potential use-after-free flaw was found in the way KVM handled guest
time updates when the GPA (guest physical address) the guest registered by
writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into
a movable or removable memory region of the hosting user-space process (by
default, QEMU-KVM) on the host. If that memory region is deregistered from
KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory
reused, a privileged guest user could potentially use this flaw to
escalate their privileges on the host. (CVE-2013-1797)
A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable
Interrupt Controller). A missing validation check in the
ioapic_read_indirect() function could allow a privileged guest user to
crash the host, or read a substantial portion of host kernel memory.
(CVE-2013-1798)
The system must be rebooted for this update to take effect.
--
SL5
x86_64
kmod-kvm-83-262.el5_9.3.x86_64.rpm
kmod-kvm-debug-83-262.el5_9.3.x86_64.rpm
kvm-83-262.el5_9.3.x86_64.rpm
kvm-debuginfo-83-262.el5_9.3.x86_64.rpm
kvm-qemu-img-83-262.el5_9.3.x86_64.rpm
kvm-tools-83-262.el5_9.3.x86_64.rpm
- Scientific Linux Development Team
|
|
|