Synopsis:    Moderate: kvm security update
Issue date:  2010-12-06
CVE Names:   CVE-2010-3698

A flaw was found in the way QEMU-KVM handled the reloading of fs and gs
segment registers when they had invalid selectors. A privileged host user
with access to "/dev/kvm" could use this flaw to crash the host (denial of
service). (CVE-2010-3698)

The following procedure must be performed before this update will take
effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using
"modprobe -r [module]") and reload (using "modprobe [module]") all of the
following modules which are currently running (determined using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

SL 5.x

    SRPMS:
kvm-83-164.el5_5.25.src.rpm

    x86_64:
kmod-kvm-83-164.el5_5.25.x86_64.rpm
kvm-83-164.el5_5.25.x86_64.rpm
kvm-qemu-img-83-164.el5_5.25.x86_64.rpm
kvm-tools-83-164.el5_5.25.x86_64.rpm

-Connie Sieh
-Troy Dawson
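
Step 2 of the procedure above, written as a dry-run planner. This is an added example, not part of the original advisory; the names plan_reload, UNLOAD_ORDER and SAMPLE_LSMOD are hypothetical, the sample lsmod output is constructed, and treating a non-zero use count on kvm_intel/kvm_amd as "guests still running" is an assumption of the example.

```shell
#!/bin/sh
# Added example (not from the advisory): build the module reload plan
# for step 2 from `lsmod` output read on stdin. Prints commands only.

# lsmod prints underscores (kvm_intel); the advisory writes kvm-intel.
# modprobe accepts both spellings. kvm_intel and kvm_amd depend on kvm,
# so they are removed before it and loaded after it. ksm is also placed
# before kvm so the order is safe whether or not it uses kvm symbols.
UNLOAD_ORDER="ksm kvm_intel kvm_amd kvm"

# Constructed sample of lsmod output, for illustration only.
SAMPLE_LSMOD='Module                  Size  Used by
ksm                    50088  0
kvm_intel              86920  0
kvm                   226208  1 kvm_intel
ext3                  168913  2'

plan_reload() {
    awk -v order="$UNLOAD_ORDER" '
        { seen[$1] = 1; used[$1] = $3 }    # column 3 is the use count
        END {
            n = split(order, want, " ")
            # Assumption of this example: a non-zero use count on the
            # vendor module means guests still hold /dev/kvm open.
            for (i = 1; i <= n; i++) {
                m = want[i]
                if ((m == "kvm_intel" || m == "kvm_amd") &&
                    (m in seen) && used[m] > 0) {
                    print "error: " m " in use; stop all guests first (step 1)" > "/dev/stderr"
                    exit 1
                }
            }
            # Unload in dependency order, then load in the reverse order.
            for (i = 1; i <= n; i++)
                if (want[i] in seen) print "modprobe -r " want[i]
            for (i = n; i >= 1; i--)
                if (want[i] in seen) print "modprobe " want[i]
        }'
}
```

Run it as `lsmod | plan_reload` and review the printed commands before executing them as root; it exits non-zero without printing a plan if the vendor module is still in use.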