CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
26.7%
CentOS Errata and Security Advisory CESA-2009:1465
KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.
The kvm_emulate_hypercall() implementation was missing a check for the
Current Privilege Level (CPL). A local, unprivileged user in a virtual
machine could use this flaw to cause a local denial of service or escalate
their privileges within that virtual machine. (CVE-2009-3290)
This update also fixes the following bugs:
non-maskable interrupts (NMI) were not supported on systems with AMD
processors. As a consequence, Windows Server 2008 R2 guests running with
more than one virtual CPU assigned on systems with AMD processors would
hang at the Windows shut down screen when a restart was attempted. This
update adds support for NMI filtering on systems with AMD processors,
allowing clean restarts of Windows Server 2008 R2 guests running with
multiple virtual CPUs. (BZ#520694)
significant performance issues for guests running 64-bit editions of
Windows. This update improves performance for guests running 64-bit
editions of Windows. (BZ#521793)
Windows guests may have experienced time drift. (BZ#521794)
removing the Red Hat VirtIO Ethernet Adapter from a guest running Windows
Server 2008 R2 caused KVM to crash. With this update, device removal should
not cause this issue. (BZ#524557)
All KVM users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Note: The procedure in the
Solution section must be performed before this update takes effect.
Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-October/078400.html
https://lists.centos.org/pipermail/centos-announce/2009-October/078401.html
Affected packages:
kmod-kvm
kvm
kvm-qemu-img
kvm-tools
Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1465
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
CentOS | 5 | x86_64 | kmod-kvm | <Β 83-105.el5_4.7 | kmod-kvm-83-105.el5_4.7.x86_64.rpm |
CentOS | 5 | x86_64 | kvm | <Β 83-105.el5_4.7 | kvm-83-105.el5_4.7.x86_64.rpm |
CentOS | 5 | x86_64 | kvm-qemu-img | <Β 83-105.el5_4.7 | kvm-qemu-img-83-105.el5_4.7.x86_64.rpm |
CentOS | 5 | x86_64 | kvm-tools | <Β 83-105.el5_4.7 | kvm-tools-83-105.el5_4.7.x86_64.rpm |
CentOS | 5 | x86_64 | kmod-kvm | <Β 83-105.el5_4.7 | kmod-kvm-83-105.el5_4.7.x86_64.rpm |
CentOS | 5 | x86_64 | kvm | <Β 83-105.el5_4.7 | kvm-83-105.el5_4.7.x86_64.rpm |
CentOS | 5 | x86_64 | kvm-qemu-img | <Β 83-105.el5_4.7 | kvm-qemu-img-83-105.el5_4.7.x86_64.rpm |
CentOS | 5 | x86_64 | kvm-tools | <Β 83-105.el5_4.7 | kvm-tools-83-105.el5_4.7.x86_64.rpm |