CESA-2010:0088 -- centos 5 x86_64 kvm
ID: oval:org.secpod.oval:def:201927 | Date: (C)2012-01-31 (M)2024-01-29 | Class: PATCH | Family: unix
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

The x86 emulator implementation was missing a check for the Current Privilege Level and I/O Privilege Level. A user in a guest could leverage these flaws to cause a denial of service or possibly escalate their privileges within that guest.

A flaw was found in the Programmable Interval Timer emulation. Access to the internal data structure pit_state, which represents the data state of the emulated PIT, was not properly validated in the pit_ioport_read function. A privileged guest user could use this flaw to crash the host.

A flaw was found in the USB passthrough handling code. A specially-crafted USB packet sent from inside a guest could be used to trigger a buffer overflow in the usb_host_handle_control function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to cause a denial of service or possibly escalate their privileges within the host.

This update also fixes the following bugs:

* pvclock MSR values were not preserved during remote migration, causing time drift for guests.
* SMBIOS table 4 data is now generated for Windows guests.
* if the qemu-kvm "-net user" option was used, unattended Windows XP installations did not receive an IP address after reboot.
* when being restored from migration, a race condition caused Windows Server 2008 R2 guests to hang during shutdown.
* the kernel symbol checking on the kvm-kmod build process has a safety check for ABI changes.
* on hosts without high-res timers, Windows Server 2003 guests experienced significant time drift.
* in some situations, installing Windows Server 2008 R2 from an ISO image resulted in a blue screen "BAD_POOL_HEADER" stop error.
* a bug in the grow_refcount_table error handling caused infinite recursion in some cases. This caused the qemu-kvm process to hang and eventually crash.
* for Windows Server 2003 R2, Service Pack 2, 32-bit guests, an "unhandled vm exit" error could occur during reboot on some systems.
* for Windows guests, QEMU could attempt to stop a stopped audio device, resulting in a "snd_playback_stop: ASSERT playback_channel->base.active failed" error.
* the Hypercall driver did not reset the device on power-down.
* mechanisms have been added to allow older savevm versions to be emitted in some cases.
* an error in the Makefile prevented users from using the source RPM to install KVM.
* guests became unresponsive and could use up to 100% CPU when running certain benchmark tests with more than 7 guests running simultaneously.
* QEMU could terminate randomly with virtio-net and SMP enabled.

All KVM users should upgrade to these updated packages, which contain backported patches to resolve these issues.

Note: The procedure in the Solution section must be performed before this update will take effect.