RHSA-2015:1044 - Security Advisory

Topic

An updated virtio-win package that fixes one security issue and two bugs is
now available for Red Hat Enterprise Linux 7 Supplementary.

Red Hat Product Security has rated this update as having Important security
impact. A Common Vulnerability Scoring System (CVSS) base score, which
gives a detailed severity rating, is available from the CVE link in the
References section.

Description

The virtio-win package provides paravirtualized network drivers for most
Microsoft Windows operating systems. Paravirtualized drivers are
virtualization-aware drivers used by fully virtualized guests running on
Red Hat Enterprise Linux. Fully virtualized guests using the
paravirtualized drivers gain significantly better I/O performance than
fully virtualized guests running without the drivers.

It was found that the Windows Virtio NIC driver did not sufficiently
sanitize the length of the incoming IP packets, as demonstrated by a packet
with IP options present but the overall packet length not being adjusted to
reflect the length of those options. A remote attacker able to send a
specially crafted IP packet to the guest could use this flaw to crash that
guest. (CVE-2015-3215)

Red Hat would like to thank Google Project Zero for reporting this issue.

This update also fixes the following bugs:

• When creating a Windows guest using virtio drivers and direct Logical

Unit Number (LUN) access with more than 4 SCSI disks under one
virtio-scsi-pci controller, the guest terminated unexpectedly with a stop
error, also known as the blue screen of death. This update increases the
maximum amount of LUNs per a single virtio-scsi-pci controller has been
increased to 254, which prevents the described crash from occurring.
(BZ#1207546)

• The license.txt file in the virtio-win build has been updated to include

the correct year number in the copyright information section. (BZ#1183427)

All virtio-win users are advised to upgrade to this updated package, which
contains backported patches to correct these issues.

Solution

Before applying this update, make sure all previously released errata
relevant to your system have been applied.

For details on how to apply this update, refer to:

https://access.redhat.com/articles/11258

Affected Products

• Red Hat Enterprise Linux Server 7 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.5 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.4 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.3 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.2 x86_64
• Red Hat Enterprise Linux for x86_64 - Extended Update Support 7.1 x86_64
• Red Hat Enterprise Linux Workstation 7 x86_64
• Red Hat Enterprise Linux Desktop 7 x86_64
• Red Hat Enterprise Linux Server from RHUI 7 x86_64

Fixes

• BZ - 1227634 - CVE-2015-3215 virtio-win: netkvm: malformed packet can cause BSOD

CVEs

• CVE-2015-3215

References

• http://www.redhat.com/security/updates/classification/#normal