Описание
ELSA-2009-1465: kvm security and bug fix update (IMPORTANT)
[83-105.0.1.el5_4.7]
- Add kvm-add-oracle-workaround-for-libvirt-bug.patch
[kvm-83-105.el5_4.7]
- kvm-qemu-virtio-net-do-not-return-stack-pointer-from-fun.patch [bz#524557]
- Resolves: bz#524557 (QEMU crash (during virtio-net WHQL tests for Win2008 R2))
[kvm-83-105.el5_4.6]
- kvm-Revert-update_refcount-Write-complete-sectors.patch [bz#520693]
- kvm-Revert-alloc_cluster_link_l2-Write-complete-sectors.patch [bz#520693]
- kvm-Revert-Combined-patch-of-two-upstream-commits-the-se.patch [bz#520693]
- kvm-Revert-qcow2-Update-multiple-refcounts-at-once.patch [bz#520693]
- kvm-Revert-qcow2-Refactor-update_refcount.patch [bz#520693]
- Related: bz#520693 (Bad qcow2 performance with cache=off)
[kvm-83-105.el5_4.5]
- kvm-kernel-KVM-VMX-Optimize-vmx_get_cpl.patch [bz#524125 bz#524125]
- kvm-kernel-KVM-x86-Disallow-hypercalls-for-guest-callers-in-rin.patch [bz#524125 bz#524125]
- Resolves: bz#524125 (kernel: KVM: x86: Disallow hypercalls for guest callers in rings > 0 [rhel-5.4.z])
[83-105.el5_4.4]
- kvm-kernel-reset-hflags-on-cpu-reset.patch [bz#520694]
- Resolves: bz#520694 (NMI filtering for AMD (Windows 2008 R2 KVM guest can not restart when set it as multiple cpus))
[83-105.el5_4.3]
- kvm-kernel-Fix-coalesced-interrupt-reporting-in-IOAPIC.patch [bz#521794]
- kvm-kernel-VMX-Fix-cr8-exiting-control-clobbering-by-EPT.patch [bz#521793]
- Resolves: bz#521793 (windows 64 bit does vmexit on each cr8 access.)
- Resolves: bz#521794 (rtc-td-hack stopped working. Time drifts in windows)
- kvm-qcow2-Refactor-update_refcount.patch [bz#520693]
- kvm-qcow2-Update-multiple-refcounts-at-once.patch [bz#520693]
- kvm-Combined-patch-of-two-upstream-commits-the-second-fi.patch [bz#520693]
- kvm-alloc_cluster_link_l2-Write-complete-sectors.patch [bz#520693]
- kvm-update_refcount-Write-complete-sectors.patch [bz#520693]
- Resolves: bz#520693 (Bad qcow2 performance with cache=off)
[83-105.el5_4.2]
- Update kversion to 2.6.18-164.el5 to match build root
- kvm-kernel-add-nmi-support-to-svm.patch [bz#520694]
- Resolves: bz#520694 (NMI filtering for AMD (Windows 2008 R2 KVM guest can not restart when set it as multiple cpus))
[83-105.el5_4.1]
- Update kversion to 2.6.18-162.el5
- kvm-Initialize-PS2-keyboard-mouse-state-on-reset.patch [bz#517855]
- Resolves: bz#517855 (guest not accepting keystrokes or mouse clicks after reboot)
Обновленные пакеты
Oracle Linux 5
Oracle Linux x86_64
kmod-kvm
83-105.0.1.el5_4.7
kvm
83-105.0.1.el5_4.7
kvm-qemu-img
83-105.0.1.el5_4.7
kvm-tools
83-105.0.1.el5_4.7
Связанные CVE
Связанные уязвимости
The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."
The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."
The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."
The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the ...
The kvm_emulate_hypercall function in arch/x86/kvm/x86.c in KVM in the Linux kernel 2.6.25-rc1, and other versions before 2.6.31, when running on x86 systems, does not prevent access to MMU hypercalls from ring 0, which allows local guest OS users to cause a denial of service (guest kernel crash) and read or write guest kernel memory via unspecified "random addresses."