Issued:
2011-01-13
Updated:
2011-01-13

RHSA-2011:0028 - Security Advisory

Synopsis

Low: kvm security and bug fix update

Type/Severity

Security Advisory: Low

Topic

Updated kvm packages that fix one security issue and several bugs are now
available for Red Hat Enterprise Linux 5.

The Red Hat Security Response Team has rated this update as having low
security impact. A Common Vulnerability Scoring System (CVSS) base score,
which gives a detailed severity rating, is available from the CVE link in
the References section.

Description

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

A data structure field in kvm_vcpu_ioctl_x86_get_vcpu_events() in QEMU-KVM
was not initialized properly before being copied to user-space. A
privileged host user with access to "/dev/kvm" could use this flaw to leak
kernel stack memory to user-space. (CVE-2010-4525)

Red Hat would like to thank Stephan Mueller of atsec information security
for reporting this issue.

These updated packages also fix several bugs. Documentation for these bug
fixes will be available shortly in the "kvm" section of the Red Hat
Enterprise Linux 5.6 Technical Notes, linked to in the References.

All KVM users should upgrade to these updated packages, which resolve this
issue as well as fixing the bugs noted in the Technical Notes. Note: The
procedure in the Solution section must be performed before this update will
take effect.

Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
http://kbase.redhat.com/faq/docs/DOC-11259

The following procedure must be performed before this update will take
effect:

1) Stop all KVM guest virtual machines.

2) Either reboot the hypervisor machine or, as the root user, remove (using
"modprobe -r [module]") and reload (using "modprobe [module]") all of the
following modules which are currently running (determined using "lsmod"):
kvm, ksm, kvm-intel or kvm-amd.

3) Restart the KVM guest virtual machines.

Affected Products

  • Red Hat Enterprise Linux Server 5 x86_64
  • Red Hat Enterprise Linux Workstation 5 x86_64

Fixes

  • BZ - 503118 - kvm doesn't run with older libgcrypt, but doesn't have a RPM dependency for it
  • BZ - 510630 - -drive arg has no way to request a read only disk
  • BZ - 513765 - Large guest ( 256G RAM + 16 vcpu ) hang during live migration
  • BZ - 514578 - kvm-qemu-img subpackage has dependency on qspice-libs
  • BZ - 517565 - build KVM modules for kernel-debug too
  • BZ - 517814 - Caps Lock the key's appearance of guest is not synchronous as host's --view kvm with vnc
  • BZ - 520572 - SR-IOV -- Guest exit and host hang on if boot VM with 8 VFs assigned
  • BZ - 521247 - emulated pcnet nic in qemu-kvm has wrong PCI subsystem ID for Windows XP driver
  • BZ - 533078 - use native smp_call_function_many/single functions
  • BZ - 539642 - use native pci_get_bus_and_slot function
  • BZ - 542954 - Guest suffers kernel panic when save snapshot then restart guest
  • BZ - 555727 - Time drift in win2k3-64bit and win2k8-64bit smp guest
  • BZ - 569743 - Change vnc password caused 'Segmentation fault'
  • BZ - 572825 - qcow2 image corruption when using cache=writeback
  • BZ - 574621 - Linux pvmmu guests (FC11, FC12, etc) crash on boot on AMD hosts with NPT disabled
  • BZ - 575585 - memory reported as used (by SwapCache and by Cache) though no process holds it.
  • BZ - 580410 - Failed to install kvm for failed dependencies: ksym
  • BZ - 580637 - Incorrect russian vnc keymap
  • BZ - 582038 - backport EPT accessed bit emulation
  • BZ - 583947 - Guest aborted when make guest stop on write error
  • BZ - 587604 - Qcow2 snapshot got corruption after commit using block device
  • BZ - 587605 - Failed to re-base qcow2 snapshot
  • BZ - 588251 - kvm spinning updating a guest pte, unkillable
  • BZ - 588878 - Rebooting a kernel with kvmclock enabled, into a kernel with kvmclock disabled, causes random crashes
  • BZ - 589017 - [rhel5.5] [kvm] dead lock in qemu during off-line migration
  • BZ - 592021 - race condition in pvclock wallclock calculation
  • BZ - 598042 - virtio-blk: Avoid zeroing every request structure
  • BZ - 598488 - qcow2 corruption bug in refcount table growth
  • BZ - 601494 - qemu-io: No permission to write image
  • BZ - 603026 - CPU save version is now 9, but the format is _very_ different from non-RHEL5 version 9
  • BZ - 605701 - Backport qcow2 fixes to RHEL 5
  • BZ - 606238 - Virtio: Transfer file caused guest in same vlan abnormally quit
  • BZ - 606394 - [kvm] debug-info missing from kvm-qemu-img-83-164.el5_5.12
  • BZ - 606434 - [kvm] segmentation fault when running qemu-img check on faulty image
  • BZ - 606651 - [kvm] qemu image check returns cluster errors when using virtIO block (thinly provisioned) during e_no_space events (along with EIO errors)
  • BZ - 606953 - fork causes trouble for vcpu threads
  • BZ - 611982 - Monitor doesn't check for 'change' command failure
  • BZ - 619268 - rmmod kvm modules cause host kernel panic
  • BZ - 627343 - husb: ctrl buffer too small error received for passthrough usb device, fixed upstream
  • BZ - 629333 - fix build against kernel-devel-2.6.18-214.el5.x86_64: (cancel_work_sync() conflict)
  • BZ - 629334 - use native cancel_work_sync() function
  • BZ - 632707 - fix kvm build warnings and enable -Werror
  • BZ - 637267 - spec file changes for kmod + kernel-devel build
  • BZ - 640949 - Can not commit copy-on-write image's data to raw backing-image
  • BZ - 641823 - kmod-kvm has unresolved deps
  • BZ - 643272 - unresolved deps in kmod-kvm-debug-83-205.el5
  • BZ - 643317 - "sendkey ctrl-alt-delete" don't work via VNC
  • BZ - 645798 - Add drive readonly option to help output
  • BZ - 648328 - TCP checksum overflows in qemu's e1000 emulation code when TSO is enabled in guest OS
  • BZ - 651715 - qemu-kvm aborted when installing the driver for the newly hotplugged rtl8139 nic
  • BZ - 655990 - clock drift when migrating a guest between mis-matched CPU clock speed
  • BZ - 665470 - CVE-2010-4525 kvm: x86: zero kvm_vcpu_events->interrupt.pad infoleak

CVEs

References

Red Hat Enterprise Linux Server 5

SRPM
kvm-83-224.el5.src.rpm SHA-256: 1e6edf422b65c065984534aa605868f12af82a05e623ff3abf425df79a2b058f
x86_64
kmod-kvm-83-224.el5.x86_64.rpm SHA-256: ee5e28e5c17ea815865a97b84ec4546ea60aa46878aeeaa088d0a646814d1d9a
kmod-kvm-debug-83-224.el5.x86_64.rpm SHA-256: b4b24e2cf7a504868de35ce5cd659038218255f756ce2af8f439a3241acd513d
kvm-83-224.el5.x86_64.rpm SHA-256: 30600b6afc006877756962647a2c5f4148890e4941c1c49f202d4981a139fd44
kvm-qemu-img-83-224.el5.x86_64.rpm SHA-256: 9dc9483cc026b35bd85b4ee753b911bc77de2b32cfe497dea5614b3be826ec0a
kvm-tools-83-224.el5.x86_64.rpm SHA-256: 66709b789a27aa361d4d89596067f7284771873f3c478fd01afdff3cdb26838d

Red Hat Enterprise Linux Workstation 5

SRPM
kvm-83-224.el5.src.rpm SHA-256: 1e6edf422b65c065984534aa605868f12af82a05e623ff3abf425df79a2b058f
x86_64
kmod-kvm-83-224.el5.x86_64.rpm SHA-256: ee5e28e5c17ea815865a97b84ec4546ea60aa46878aeeaa088d0a646814d1d9a
kmod-kvm-debug-83-224.el5.x86_64.rpm SHA-256: b4b24e2cf7a504868de35ce5cd659038218255f756ce2af8f439a3241acd513d
kvm-83-224.el5.x86_64.rpm SHA-256: 30600b6afc006877756962647a2c5f4148890e4941c1c49f202d4981a139fd44
kvm-qemu-img-83-224.el5.x86_64.rpm SHA-256: 9dc9483cc026b35bd85b4ee753b911bc77de2b32cfe497dea5614b3be826ec0a
kvm-tools-83-224.el5.x86_64.rpm SHA-256: 66709b789a27aa361d4d89596067f7284771873f3c478fd01afdff3cdb26838d

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/.