CESA-2015:0869 -- centos 5 kvm
ID: oval:org.secpod.oval:def:203619 | Date: (C)2015-04-29 (M)2024-04-17 | Class: PATCH | Family: unix
KVM is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

It was found that KVM's Write to Model Specific Register instruction emulation would write non-canonical values passed in by the guest to certain MSRs in the host's context. A privileged guest user could use this flaw to crash the host.

A race condition flaw was found in the way the Linux kernel's KVM subsystem handled PIT emulation. A guest user who has access to the PIT I/O ports could use this flaw to crash the host.

Red Hat would like to thank Lars Bull of Google and Nadav Amit for reporting the CVE-2014-3610 issue, and Lars Bull of Google for reporting the CVE-2014-3611 issue.

All kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Note: The procedure in the Solution section must be performed before this update will take effect.