Synopsis: Important: kvm security update
Issue Date: 2013-04-09
CVE Numbers: CVE-2013-1796
A flaw was found in the way KVM handled guest time updates when the buffer
the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state
register (MSR) crossed a page boundary. A privileged guest user could use
this flaw to crash the host or, potentially, escalate their privileges,
allowing them to execute arbitrary code at the host kernel level.
A potential use-after-free flaw was found in the way KVM handled guest
time updates when the GPA (guest physical address) the guest registered by
writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into
a movable or removable memory region of the hosting user-space process (by
default, QEMU-KVM) on the host. If that memory region is deregistered from
KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory
reused, a privileged guest user could potentially use this flaw to
escalate their privileges on the host. (CVE-2013-1797)
A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable
Interrupt Controller). A missing validation check in the
ioapic_read_indirect() function could allow a privileged guest user to
crash the host, or read a substantial portion of host kernel memory.
The system must be rebooted for this update to take effect.
– Scientific Linux Development Team