Description
ELSA-2010-0126: kvm security and bug fix update (IMPORTANT)
[kvm-83-105.0.1.el5_4.27]
- Add kvm-add-oracle-workaround-for-libvirt-bug.patch
[kvm-83-105.el5_4.27]
- kvm-kernel-KVM-VMX-Check-cpl-before-emulating-debug-register-ac.patch [bz#563516]
- Resolves: bz#563516 (KVM: Check cpl before emulating debug register access [rhel-5.4.z])
[kvm-83-105.el5_4.26]
- kvm-kernel-KVM-Don-t-check-access-permission-when-loading-segme.patch [bz#563464]
- kvm-kernel-KVM-Disable-move-to-segment-registers-and-jump-far-i.patch [bz#563464]
- Resolves: bz#563464 (EMBARGOED CVE-2010-0419 kvm: emulator privilege escalation segment selector check [rhel-5.4.z])
[kvm-83-105.el5_4.25]
- kvm-virtio-blk-Fix-reads-turned-into-writes-after-read-e.patch [bz#562776]
- kvm-virtio-blk-Handle-bdrv_aio_read-write-NULL-return.patch [bz#562776]
- Resolves: bz#562776 (Guest image corruption after RHEV-H update to 5.4-2.1.3.el5_4rhev2_1)
[kvm-83-105.el5_4.24]
- Apply bz#561022 patches again (undo the reverts from kvm-83-105.el5_4.23)
- kvm-qemu-add-routines-for-atomic-16-bit-accesses-take-2.patch [bz#561022]
- kvm-qemu-virtio-atomic-access-for-index-values-take-2.patch [bz#561022]
- Resolves: bz#561022 (QEMU terminates without warning with virtio-net and SMP enabled)
[kvm-83-105.el5_4.23]
- Revert bz#561022 patches by now, until they get better testing
- kvm-Revert-qemu-virtio-atomic-access-for-index-values.patch [bz#561022]
- kvm-Revert-qemu-add-routines-for-atomic-16-bit-accesses.patch [bz#561022]
- Related: bz#561022 (QEMU terminates without warning with virtio-net and SMP enabled)
Updated packages
Oracle Linux 5
Oracle Linux x86_64
kmod-kvm 83-105.0.1.el5_4.27
kvm 83-105.0.1.el5_4.27
kvm-qemu-img 83-105.0.1.el5_4.27
kvm-tools 83-105.0.1.el5_4.27
Related CVEs
Related vulnerabilities
The x86 emulator in KVM 83, when a guest is configured for Symmetric Multiprocessing (SMP), does not properly restrict writing of segment selectors to segment registers, which might allow guest OS users to cause a denial of service (guest OS crash) or gain privileges on the guest OS by leveraging access to a (1) IO port or (2) MMIO region, and replacing an instruction in between emulator entry and instruction fetch.
The handle_dr function in arch/x86/kvm/vmx.c in the KVM subsystem in the Linux kernel before 2.6.31.1 does not properly verify the Current Privilege Level (CPL) before accessing a debug register, which allows guest OS users to cause a denial of service (trap) on the host OS via a crafted application.