Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 530
Alerts This Week
Warning Icon 1 530

Scientific Linux: CVE-2013-1796 Important KVM Security Update

Scientific Large Esm H446
Important: kvm security update
Date: Tue, 9 Apr 2013 19:43:40 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: kvm on SL5.x x86_64
MIME-Version: 1.0

Synopsis: Important: kvm security update
Issue Date: 2013-04-09
CVE Numbers: CVE-2013-1796
 CVE-2013-1797
 CVE-2013-1798
--

A flaw was found in the way KVM handled guest time updates when the buffer
the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state
register (MSR) crossed a page boundary. A privileged guest user could use
this flaw to crash the host or, potentially, escalate their privileges,
allowing them to execute arbitrary code at the host kernel level.
(CVE-2013-1796)

A potential use-after-free flaw was found in the way KVM handled guest
time updates when the GPA (guest physical address) the guest registered by
writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into
a movable or removable memory region of the hosting user-space process (by
default, QEMU-KVM) on the host. If that memory region is deregistered from
KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory
reused, a privileged guest user could potentially use this flaw to
escalate their privileges on the host. (CVE-2013-1797)

A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable
Interrupt Controller). A missing validation check in the
ioapic_read_indirect() function could allow a privileged guest user to
crash the host, or read a substantial portion of host kernel memory.
(CVE-2013-1798)

The system must be rebooted for this update to take effect.
--

SL5
 x86_64
 kmod-kvm-83-262.el5_9.3.x86_64.rpm
 kmod-kvm-debug-83-262.el5_9.3.x86_64.rpm
 kvm-83-262.el5_9.3.x86_64.rpm
 kvm-debuginfo-83-262.el5_9.3.x86_64.rpm
 kvm-qemu-img-83-262.el5_9.3.x86_64.rpm
 kvm-tools-83-262.el5_9.3.x86_64.rpm

- Scientific Linux Development Team