This script is Copyright (C) 2012 Tenable Network Security, Inc.
The remote Scientific Linux host is missing one or more security
A data structure field in kvm_vcpu_ioctl_x86_get_vcpu_events() in
QEMU-KVM was not initialized properly before being copied to
user-space. A privileged host user with access to '/dev/kvm' could use
this flaw to leak kernel stack memory to user-space. (CVE-2010-4525)
These updated packages also fix several bugs.
The following procedure must be performed before this update will take
1) Stop all KVM guest virtual machines.
2) Either reboot the hypervisor machine or, as the root user, remove
(using 'modprobe -r [module]') and reload (using 'modprobe [module]')
all of the following modules which are currently running (determined
using 'lsmod'): kvm, ksm, kvm-intel or kvm-amd.
3) Restart the KVM guest virtual machines.
See also :
Update the affected packages.
Risk factor :
Low / CVSS Base Score : 1.9
Family: Scientific Linux Local Security Checks
Nessus Plugin ID: 60934 ()
CVE ID: CVE-2010-4525