Synopsis: Important: kvm security update
Issue Date: 2013-04-09
CVE Numbers: CVE-2013-1796
             CVE-2013-1797
             CVE-2013-1798
--
A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796)

A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797)

A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798)

The system must be rebooted for this update to take effect.
--
SL5 x86_64
kmod-kvm-83-262.el5_9.3.x86_64.rpm
kmod-kvm-debug-83-262.el5_9.3.x86_64.rpm
kvm-83-262.el5_9.3.x86_64.rpm
kvm-debuginfo-83-262.el5_9.3.x86_64.rpm
kvm-qemu-img-83-262.el5_9.3.x86_64.rpm
kvm-tools-83-262.el5_9.3.x86_64.rpm

- Scientific Linux Development Team
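A simplified model of the IOAPIC indirect-read path described under CVE-2013-1798, added here as an illustration and not taken from the kernel sources or from the advisory: the guest-selected index into the redirection table is bounds-checked before it is used, and an out-of-range selection returns all-ones instead of reading memory beyond the table. The struct, constants and function names are assumptions for this toy model, and only the redirection-table registers are modelled.

```c
#include <stdint.h>
#include <stdio.h>

#define IOAPIC_NUM_PINS       24     /* entries in the redirection table */
#define IOAPIC_REG_REDIR_BASE 0x10   /* first redirection-table register */

/* Toy device state: the guest writes an index to IOREGSEL, then reads the
 * selected register through IOWIN. (Assumed layout for this model.) */
struct toy_ioapic {
    uint32_t ioregsel;
    uint64_t redirtbl[IOAPIC_NUM_PINS];
};

/* Hardened indirect read. Each table entry is 64 bits and is exposed as two
 * 32-bit registers, so the entry index is (ioregsel - base) / 2 and the low
 * bit of ioregsel picks the low or high dword. Because the subtraction is
 * unsigned, a selector below the base also wraps to a large index and is
 * rejected by the same range check. */
uint32_t toy_ioapic_read_indirect(const struct toy_ioapic *ioapic)
{
    uint32_t index = (ioapic->ioregsel - IOAPIC_REG_REDIR_BASE) >> 1;
    uint64_t content;

    if (index < IOAPIC_NUM_PINS)
        content = ioapic->redirtbl[index];
    else
        content = ~0ULL;   /* out of range: nothing outside the table is read */

    return (ioapic->ioregsel & 1) ? (uint32_t)(content >> 32)
                                  : (uint32_t)content;
}

/* Constructed sample device for stand-alone runs: pin 0 carries a
 * recognisable pattern, every other pin is zero. */
uint32_t toy_sample_read(uint32_t ioregsel)
{
    struct toy_ioapic ioapic = { .ioregsel = ioregsel };
    ioapic.redirtbl[0] = 0x1122334455667788ULL;
    return toy_ioapic_read_indirect(&ioapic);
}

int main(void)
{
    printf("pin0 low  : 0x%08x\n", toy_sample_read(0x10));
    printf("pin0 high : 0x%08x\n", toy_sample_read(0x11));
    printf("past table: 0x%08x\n", toy_sample_read(0x10 + 2 * IOAPIC_NUM_PINS));
    return 0;
}
```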