Synopsis: Important: kvm security update
Advisory ID: SLSA-2015:1003-1
Issue Date: 2015-05-13
CVE Numbers: CVE-2015-3456
—
An out-of-bounds memory access flaw was found in the way QEMU’s virtual
Floppy Disk Controller (FDC) handled FIFO buffer access while processing
certain FDC commands. A privileged guest user could use this flaw to crash
the guest or, potentially, execute arbitrary code on the host with the
privileges of the host’s QEMU process corresponding to the guest.
(CVE-2015-3456)
Note: The following procedure must be performed before this update will take
effect:
1) Stop all KVM guest virtual machines.
2) Either reboot the hypervisor machine or, as the root user, remove (using
“modprobe -r [module]”) and reload (using “modprobe [module]”) all of the
following modules which are currently running (determined using “lsmod”):
kvm, ksm, kvm-intel or kvm-amd.
3) Restart the KVM guest virtual machines.
—
SL5
x86_64
kmod-kvm-83-272.el5_11.x86_64.rpm
kmod-kvm-debug-83-272.el5_11.x86_64.rpm
kvm-83-272.el5_11.x86_64.rpm
kvm-debuginfo-83-272.el5_11.x86_64.rpm
kvm-qemu-img-83-272.el5_11.x86_64.rpm
kvm-tools-83-272.el5_11.x86_64.rpm
– Scientific Linux Development Team
