Scientific Linux Security Update : kvm on SL5.x x86_64 (20130409)

medium Nessus Plugin ID 65906

Synopsis

The remote Scientific Linux host is missing one or more security updates.

Description

A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796)

A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797)

A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798)

The system must be rebooted for this update to take effect.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?ba2bc32f

Plugin Details

Severity: Medium

ID: 65906

File Name: sl_20130409_kvm_on_SL5_x.nasl

Version: 1.5

Type: local

Agent: unix

Published: 4/10/2013

Updated: 1/14/2021

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.8

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Vector: CVSS2#AV:A/AC:H/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:fermilab:scientific_linux:kmod-kvm, p-cpe:/a:fermilab:scientific_linux:kmod-kvm-debug, p-cpe:/a:fermilab:scientific_linux:kvm, p-cpe:/a:fermilab:scientific_linux:kvm-debuginfo, p-cpe:/a:fermilab:scientific_linux:kvm-qemu-img, p-cpe:/a:fermilab:scientific_linux:kvm-tools, x-cpe:/o:fermilab:scientific_linux

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/RedHat/release, Host/RedHat/rpm-list

Patch Publication Date: 4/9/2013

Vulnerability Publication Date: 3/22/2013

Reference Information

CVE: CVE-2013-1796, CVE-2013-1797, CVE-2013-1798