kmod, kvm security update

CentOS Errata and Security Advisory CESA-2009:1465

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for
the standard Red Hat Enterprise Linux kernel.

The kvm_emulate_hypercall() implementation was missing a check for the
Current Privilege Level (CPL). A local, unprivileged user in a virtual
machine could use this flaw to cause a local denial of service or escalate
their privileges within that virtual machine. (CVE-2009-3290)

This update also fixes the following bugs:

• non-maskable interrupts (NMI) were not supported on systems with AMD
  processors. As a consequence, Windows Server 2008 R2 guests running with
  more than one virtual CPU assigned on systems with AMD processors would
  hang at the Windows shut down screen when a restart was attempted. This
  update adds support for NMI filtering on systems with AMD processors,
  allowing clean restarts of Windows Server 2008 R2 guests running with
  multiple virtual CPUs. (BZ#520694)

• significant performance issues for guests running 64-bit editions of
  Windows. This update improves performance for guests running 64-bit
  editions of Windows. (BZ#521793)

• Windows guests may have experienced time drift. (BZ#521794)

• removing the Red Hat VirtIO Ethernet Adapter from a guest running Windows
  Server 2008 R2 caused KVM to crash. With this update, device removal should
  not cause this issue. (BZ#524557)

All KVM users should upgrade to these updated packages, which contain
backported patches to resolve these issues. Note: The procedure in the
Solution section must be performed before this update takes effect.

Merged security bulletin from advisories:
https://lists.centos.org/pipermail/centos-announce/2009-October/078400.html
https://lists.centos.org/pipermail/centos-announce/2009-October/078401.html

Affected packages:
kmod-kvm
kvm
kvm-qemu-img
kvm-tools

Upstream details at:
https://access.redhat.com/errata/RHSA-2009:1465