Scientific Linux SL5: SLSA-2015:0869-1 Important KVM Security Update

Date: Wed, 22 Apr 2015 14:11:07 +0000
Reply-To: scientific-linux-users@
Sender: Security Errata for Scientific Linux
 
From: Pat Riehecky 
Subject: Security ERRATA Important: kvm on SL5.x x86_64
MIME-Version: 1.0

Synopsis: Important: kvm security update
Advisory ID: SLSA-2015:0869-1
Issue Date: 2015-04-22
CVE Numbers: CVE-2014-3611
 CVE-2014-3610
--

It was found that KVM's Write to Model Specific Register (WRMSR)
instruction emulation would write non-canonical values passed in by the
guest to certain MSRs in the host's context. A privileged guest user could
use this flaw to crash the host. (CVE-2014-3610)

A race condition flaw was found in the way the Linux kernel's KVM
subsystem handled PIT (Programmable Interval Timer) emulation. A guest
user who has access to the PIT I/O ports could use this flaw to crash the
host. (CVE-2014-3611)

Note: The following procedure must be performed before this update will take
effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using
"modprobe -r [module]") and reload (using "modprobe [module]") all of the
following modules which are currently running (determined using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

or you may restart your system.
--

SL5
 x86_64
 kmod-kvm-83-270.el5_11.x86_64.rpm
 kmod-kvm-debug-83-270.el5_11.x86_64.rpm
 kvm-83-270.el5_11.x86_64.rpm
 kvm-debuginfo-83-270.el5_11.x86_64.rpm
 kvm-qemu-img-83-270.el5_11.x86_64.rpm
 kvm-tools-83-270.el5_11.x86_64.rpm

- Scientific Linux Development Team