Updated kvm packages that fix two security issues are now available for Red Hat Enterprise Linux 5.

Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

It was found that KVM’s Write to Model Specific Register (WRMSR) instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host’s context. A privileged guest user could use this flaw to crash the host. (CVE-2014-3610)

A race condition flaw was found in the way the Linux kernel’s KVM subsystem handled PIT (Programmable Interval Timer) emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host. (CVE-2014-3611)

Red Hat would like to thank Lars Bull of Google and Nadav Amit for reporting the CVE-2014-3610 issue, and Lars Bull of Google for reporting the CVE-2014-3611 issue.

All kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Note: The procedure in the Solution section must be performed before this update will take effect.
Before applying this update, make sure all previously released errata relevant to your system have been applied.

For details on how to apply this update, refer to: https://access.redhat.com/articles/11258

The following procedure must be performed before this update will take effect:

1) Stop all KVM guest virtual machines.
2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd.
3) Restart the KVM guest virtual machines.

RHEL Desktop Multi OS (v. 5 client)

SRPMS:
kvm-83-270.el5_11.src.rpm

x86_64:
kmod-kvm-83-270.el5_11.x86_64.rpm
kmod-kvm-debug-83-270.el5_11.x86_64.rpm
kvm-83-270.el5_11.x86_64.rpm
kvm-debuginfo-83-270.el5_11.x86_64.rpm
kvm-qemu-img-83-270.el5_11.x86_64.rpm
kvm-tools-83-270.el5_11.x86_64.rpm

RHEL Virtualization (v. 5 server)

SRPMS:
kvm-83-270.el5_11.src.rpm

x86_64:
kmod-kvm-83-270.el5_11.x86_64.rpm
kmod-kvm-debug-83-270.el5_11.x86_64.rpm
kvm-83-270.el5_11.x86_64.rpm
kvm-debuginfo-83-270.el5_11.x86_64.rpm
kvm-qemu-img-83-270.el5_11.x86_64.rpm
kvm-tools-83-270.el5_11.x86_64.rpm

(The unlinked packages above are only available from the Red Hat Network)
1144878 – CVE-2014-3611 kernel: kvm: PIT timer race condition
1144883 – CVE-2014-3610 kernel: kvm: noncanonical MSR writes
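
For step 2 of the procedure above, the following is an added example, not part of the advisory or of Red Hat's tooling. It reads `lsmod`-format text and prints the `modprobe` commands in an order that unloads each module only after the modules using it, and it lists modules still held by something other than a module. The function names and the sample `lsmod` text are constructed for illustration.

```sh
# Added example, not from the advisory. Commands are printed, never executed.
TARGETS="kvm ksm kvm_intel kvm_amd"  # lsmod prints "_" where the advisory writes "-"

# Print the loaded target modules so each one follows every module using it.
removal_order() {
    awk -v targets="$TARGETS" '
    BEGIN { n = split(targets, t, " "); for (i = 1; i <= n; i++) want[t[i]] = 1 }
    NR > 1 && ($1 in want) { loaded[$1] = 1; users[$1] = $4; left++ }
    END {
        while (left > 0) {
            progress = 0
            for (i = 1; i <= n; i++) {
                m = t[i]
                if (!(m in loaded) || (m in done)) continue
                blocked = 0; k = split(users[m], u, ",")
                for (j = 1; j <= k; j++)
                    if ((u[j] in loaded) && !(u[j] in done)) blocked = 1
                if (!blocked) { print m; done[m] = 1; left--; progress = 1 }
            }
            if (!progress) exit 1  # dependency cycle or malformed input
        }
    }'
}

# Print target modules whose use count exceeds their listed users: something
# other than a module still holds them, so "modprobe -r" would be refused.
busy_modules() {
    awk -v targets="$TARGETS" '
    BEGIN { n = split(targets, t, " "); for (i = 1; i <= n; i++) want[t[i]] = 1 }
    NR > 1 && ($1 in want) && $3 > split($4, u, ",") { print $1 }'
}

# Print the commands: unload in dependency order, reload in reverse.
reload_plan() {
    order=$(removal_order) || return 1
    for m in $order; do echo "modprobe -r $m"; done
    for m in $(echo "$order" | awk '{ a[NR] = $0 } END { for (i = NR; i; i--) print a[i] }'); do
        echo "modprobe $m"
    done
}

# Constructed lsmod output for an Intel host (sizes and counts are made up).
SAMPLE_LSMOD='Module                  Size  Used by
kvm_intel              86920  0
kvm                   226208  1 kvm_intel
ksm                    51616  0
ext3                  168913  2'
printf '%s\n' "$SAMPLE_LSMOD" | reload_plan
```

On a real host, pipe `lsmod` into `busy_modules` after stopping the guests; any name it prints is still in use and its removal would fail.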

These packages are GPG signed by Red Hat for security. Our key and
details on how to verify the signature are available from:
