====================================================================                   Red Hat Security Advisory

Synopsis:          Low: kvm security and bug fix update
Advisory ID:       RHSA-2011:0028-01
Product:           Red Hat Enterprise Linux
Advisory URL:      https://access.redhat.com/errata/RHSA-2011:0028.html
Issue date:        2011-01-13
CVE Names:         CVE-2010-4525 
====================================================================
1. Summary:

Updated kvm packages that fix one security issue and several bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

2. Relevant releases/architectures:

RHEL Desktop Multi OS (v. 5 client) - x86_64
RHEL Virtualization (v. 5 server) - x86_64

3. Description:

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

A data structure field in kvm_vcpu_ioctl_x86_get_vcpu_events() in QEMU-KVM
was not initialized properly before being copied to user-space. A
privileged host user with access to "/dev/kvm" could use this flaw to leak
kernel stack memory to user-space. (CVE-2010-4525)

Red Hat would like to thank Stephan Mueller of atsec information security
for reporting this issue.

These updated packages also fix several bugs. Documentation for these bug
fixes will be available shortly in the "kvm" section of the Red Hat
Enterprise Linux 5.6 Technical Notes, linked to in the References.

All KVM users should upgrade to these updated packages, which resolve this
issue as well as fixing the bugs noted in the Technical Notes. Note: The
procedure in the Solution section must be performed before this update will
take effect.

4. Solution:

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at

The following procedure must be performed before this update will take
effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using
"modprobe -r [module]") and reload (using "modprobe [module]") all of the
following modules which are currently running (determined using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

5. Bugs fixed (http://bugzilla.redhat.com/):

503118 - kvm doesn't run with older libgcrypt, but doesn't have a RPM dependency for it
510630 - -drive arg has no way to request a read only disk
513765 - Large guest ( 256G RAM + 16 vcpu ) hang during live migration
514578 - kvm-qemu-img subpackage has dependency on qspice-libs
517565 - build KVM modules for kernel-debug too
517814 - Caps Lock the key's appearance  of guest is not synchronous as host's --view kvm with vnc
520572 - SR-IOV -- Guest exit and host hang on if boot VM with 8 VFs assigned
521247 - emulated pcnet nic in qemu-kvm has wrong PCI subsystem ID for Windows XP driver
533078 - use native smp_call_function_many/single functions
539642 - use native pci_get_bus_and_slot function
542954 - Guest suffers kernel panic when save snapshot then restart guest
555727 - Time drift in win2k3-64bit and win2k8-64bit smp guest
569743 - Change vnc password caused 'Segmentation fault'
572825 - qcow2 image corruption when using cache=writeback
574621 - Linux pvmmu guests (FC11, FC12, etc) crash on boot on AMD hosts with NPT disabled
575585 - memory reported as used (by SwapCache and by Cache) though no process holds it.
580410 - Failed to install kvm for failed dependencies: ksym
580637 - Incorrect russian vnc keymap
582038 - backport EPT accessed bit emulation
583947 - Guest aborted when make guest stop on write error
587604 - Qcow2 snapshot got corruption after commit using block device
587605 - Failed to re-base qcow2 snapshot
588251 - kvm spinning updating a guest pte, unkillable
588878 - Rebooting a kernel with kvmclock enabled, into a kernel with kvmclock disabled, causes random crashes
589017 - [rhel5.5] [kvm] dead lock in qemu during off-line migration
592021 - race condition in pvclock wallclock calculation
598042 - virtio-blk: Avoid zeroing every request structure
598488 - qcow2 corruption bug in refcount table growth
601494 - qemu-io: No permission to write image
603026 - CPU save version is now 9, but the format is _very_ different from non-RHEL5 version 9
605701 - Backport qcow2 fixes to RHEL 5
606238 - Virtio: Transfer file caused guest in same vlan abnormally quit
606394 - [kvm] debug-info missing from kvm-qemu-img-83-164.el5_5.12
606434 - [kvm] segmentation fault when running qemu-img check on faulty image
606651 - [kvm] qemu image check returns cluster errors when using virtIO block (thinly provisioned) during e_no_space events (along with EIO errors)
606953 - fork causes trouble for vcpu threads
611982 - Monitor doesn't check for 'change' command failure
619268 - rmmod kvm modules cause host kernel panic
627343 - husb: ctrl buffer too small error received for passthrough usb device, fixed upstream
629333 - fix build against kernel-devel-2.6.18-214.el5.x86_64: (cancel_work_sync() conflict)
629334 - use native cancel_work_sync() function
632707 - fix kvm build warnings and enable -Werror
637267 - spec file changes for kmod + kernel-devel build
640949 - Can not commit copy-on-write image's data to raw backing-image
641823 - kmod-kvm has unresolved deps
643272 - unresolved deps in kmod-kvm-debug-83-205.el5
643317 - "sendkey ctrl-alt-delete" don't work via VNC
645798 - Add drive readonly option to help output
648328 - TCP checksum overflows in qemu's e1000 emulation code when TSO is enabled in guest OS
651715 - qemu-kvm aborted when installing the driver for the newly hotplugged rtl8139 nic
655990 - clock drift when migrating a guest between mis-matched CPU clock speed
665470 - CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak

6. Package List:

RHEL Desktop Multi OS (v. 5 client):

Source:

x86_64:
kmod-kvm-83-224.el5.x86_64.rpm
kmod-kvm-debug-83-224.el5.x86_64.rpm
kvm-83-224.el5.x86_64.rpm
kvm-debuginfo-83-224.el5.x86_64.rpm
kvm-qemu-img-83-224.el5.x86_64.rpm
kvm-tools-83-224.el5.x86_64.rpm

RHEL Virtualization (v. 5 server):

Source:

x86_64:
kmod-kvm-83-224.el5.x86_64.rpm
kmod-kvm-debug-83-224.el5.x86_64.rpm
kvm-83-224.el5.x86_64.rpm
kvm-debuginfo-83-224.el5.x86_64.rpm
kvm-qemu-img-83-224.el5.x86_64.rpm
kvm-tools-83-224.el5.x86_64.rpm

These packages are GPG signed by Red Hat for security.  Our key and 
details on how to verify the signature are available from
https://access.redhat.com/security/team/key/#package

7. References:

https://www.redhat.com/security/data/cve/CVE-2010-4525.html
https://access.redhat.com/security/updates/classification/#low
https://access.redhat.com/search/

8. Contact:

The Red Hat security contact is .  More contact
details at https://www.redhat.com/security/team/contact/

Copyright 2011 Red Hat, Inc.

Red Hat: 2011:0028-01: kvm: Low Advisory

Updated kvm packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5

Summary

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.
A data structure field in kvm_vcpu_ioctl_x86_get_vcpu_events() in QEMU-KVM was not initialized properly before being copied to user-space. A privileged host user with access to "/dev/kvm" could use this flaw to leak kernel stack memory to user-space. (CVE-2010-4525)
Red Hat would like to thank Stephan Mueller of atsec information security for reporting this issue.
These updated packages also fix several bugs. Documentation for these bug fixes will be available shortly in the "kvm" section of the Red Hat Enterprise Linux 5.6 Technical Notes, linked to in the References.
All KVM users should upgrade to these updated packages, which resolve this issue as well as fixing the bugs noted in the Technical Notes. Note: The procedure in the Solution section must be performed before this update will take effect.



Summary


Solution

Before applying this update, make sure all previously-released errata relevant to your system have been applied.
This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at
The following procedure must be performed before this update will take effect:
1) Stop all KVM guest virtual machines.
2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.
3) Restart the KVM guest virtual machines.

References

https://www.redhat.com/security/data/cve/CVE-2010-4525.html https://access.redhat.com/security/updates/classification/#low https://access.redhat.com/search/

Package List

RHEL Desktop Multi OS (v. 5 client):
Source:
x86_64: kmod-kvm-83-224.el5.x86_64.rpm kmod-kvm-debug-83-224.el5.x86_64.rpm kvm-83-224.el5.x86_64.rpm kvm-debuginfo-83-224.el5.x86_64.rpm kvm-qemu-img-83-224.el5.x86_64.rpm kvm-tools-83-224.el5.x86_64.rpm
RHEL Virtualization (v. 5 server):
Source:
x86_64: kmod-kvm-83-224.el5.x86_64.rpm kmod-kvm-debug-83-224.el5.x86_64.rpm kvm-83-224.el5.x86_64.rpm kvm-debuginfo-83-224.el5.x86_64.rpm kvm-qemu-img-83-224.el5.x86_64.rpm kvm-tools-83-224.el5.x86_64.rpm
These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/#package


Severity
Advisory ID: RHSA-2011:0028-01
Product: Red Hat Enterprise Linux
Advisory URL: https://access.redhat.com/errata/RHSA-2011:0028.html
Issued Date: : 2011-01-13
CVE Names: CVE-2010-4525

Topic

Updated kvm packages that fix one security issue and several bugs are nowavailable for Red Hat Enterprise Linux 5.The Red Hat Security Response Team has rated this update as having lowsecurity impact. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available from the CVE link inthe References section.


Topic


 

Relevant Releases Architectures

RHEL Desktop Multi OS (v. 5 client) - x86_64

RHEL Virtualization (v. 5 server) - x86_64


Bugs Fixed

503118 - kvm doesn't run with older libgcrypt, but doesn't have a RPM dependency for it

510630 - -drive arg has no way to request a read only disk

513765 - Large guest ( 256G RAM + 16 vcpu ) hang during live migration

514578 - kvm-qemu-img subpackage has dependency on qspice-libs

517565 - build KVM modules for kernel-debug too

517814 - Caps Lock the key's appearance of guest is not synchronous as host's --view kvm with vnc

520572 - SR-IOV -- Guest exit and host hang on if boot VM with 8 VFs assigned

521247 - emulated pcnet nic in qemu-kvm has wrong PCI subsystem ID for Windows XP driver

533078 - use native smp_call_function_many/single functions

539642 - use native pci_get_bus_and_slot function

542954 - Guest suffers kernel panic when save snapshot then restart guest

555727 - Time drift in win2k3-64bit and win2k8-64bit smp guest

569743 - Change vnc password caused 'Segmentation fault'

572825 - qcow2 image corruption when using cache=writeback

574621 - Linux pvmmu guests (FC11, FC12, etc) crash on boot on AMD hosts with NPT disabled

575585 - memory reported as used (by SwapCache and by Cache) though no process holds it.

580410 - Failed to install kvm for failed dependencies: ksym

580637 - Incorrect russian vnc keymap

582038 - backport EPT accessed bit emulation

583947 - Guest aborted when make guest stop on write error

587604 - Qcow2 snapshot got corruption after commit using block device

587605 - Failed to re-base qcow2 snapshot

588251 - kvm spinning updating a guest pte, unkillable

588878 - Rebooting a kernel with kvmclock enabled, into a kernel with kvmclock disabled, causes random crashes

589017 - [rhel5.5] [kvm] dead lock in qemu during off-line migration

592021 - race condition in pvclock wallclock calculation

598042 - virtio-blk: Avoid zeroing every request structure

598488 - qcow2 corruption bug in refcount table growth

601494 - qemu-io: No permission to write image

603026 - CPU save version is now 9, but the format is _very_ different from non-RHEL5 version 9

605701 - Backport qcow2 fixes to RHEL 5

606238 - Virtio: Transfer file caused guest in same vlan abnormally quit

606394 - [kvm] debug-info missing from kvm-qemu-img-83-164.el5_5.12

606434 - [kvm] segmentation fault when running qemu-img check on faulty image

606651 - [kvm] qemu image check returns cluster errors when using virtIO block (thinly provisioned) during e_no_space events (along with EIO errors)

606953 - fork causes trouble for vcpu threads

611982 - Monitor doesn't check for 'change' command failure

619268 - rmmod kvm modules cause host kernel panic

627343 - husb: ctrl buffer too small error received for passthrough usb device, fixed upstream

629333 - fix build against kernel-devel-2.6.18-214.el5.x86_64: (cancel_work_sync() conflict)

629334 - use native cancel_work_sync() function

632707 - fix kvm build warnings and enable -Werror

637267 - spec file changes for kmod + kernel-devel build

640949 - Can not commit copy-on-write image's data to raw backing-image

641823 - kmod-kvm has unresolved deps

643272 - unresolved deps in kmod-kvm-debug-83-205.el5

643317 - "sendkey ctrl-alt-delete" don't work via VNC

645798 - Add drive readonly option to help output

648328 - TCP checksum overflows in qemu's e1000 emulation code when TSO is enabled in guest OS

651715 - qemu-kvm aborted when installing the driver for the newly hotplugged rtl8139 nic

655990 - clock drift when migrating a guest between mis-matched CPU clock speed

665470 - CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak


Related News

22.Lock ScreenEffect Esm H320
2 - 3 min read
Red Hat recently released its newest enterprise Linux distro, Red Hat Enterprise Linux (RHEL) 9.4 , which introduces several features designed to
8.Locks HexConnections CodeGlobe Esm H320
1 - 2 min read
The latest release of Debian , one of the oldest and most trusted distributions within the Linux ecosystem, redefines security, stability, and
20.Lock AbstractDigital Circular Esm H320
1 - 2 min read
The Ubuntu security team has recently discovered and addressed multiple vulnerabilities in the Apache HTTP Server. The vulnerabilities affected
1.Penguin Landscape Esm H320
1 - 2 min read
A critical vulnerability was discovered in the Linux kernel's netfilter subsystem, specifically within the nf_tables component, posing potential
19.Laptop Bed Esm H320
2 - 3 min read
The release of Google Chrome 124 addresses four vulnerabilities, including a critical security flaw that can enable attackers to execute arbitrary
23.Tablet Connections Esm H320
2 - 3 min read
The release of Ubuntu 24.04 LTS , also known as Noble Numbat, brings various security enhancements and exciting new features . These improvements
4.Lock AbstractDigital Esm H320
2 - 3 min read
Tails 6.2 is a new Linux distribution release that expands its multilingual support and improves security features. The distribution is a
19.Laptop Bed Esm H320
2 - 3 min read
AlmaLinux 9.4 beta has been released and provides compelling reasons to consider it for desktop usage. While AlmaLinux is primarily known as a
Sign Up

Get the Latest News & Insights

Sign up to get the latest security news affecting Linux and open source delivered straight to your inbox.

© 2024 Guardian Digital, Inc All Rights Reserved