Security Advisory Important: qemu-kvm security and bug fix update

Advisory: RHSA-2011:0919-1
Type: Security Advisory
Severity: Important
Issued on: 2011-07-05
Last updated on: 2011-07-05
Affected Products: Red Hat Enterprise Linux Desktop (v. 6)
Red Hat Enterprise Linux HPC Node (v. 6)
Red Hat Enterprise Linux Server (v. 6)
Red Hat Enterprise Linux Server EUS (v. 6.1.z)
Red Hat Enterprise Linux Workstation (v. 6)
CVEs (cve.mitre.org): CVE-2011-2212
CVE-2011-2512

Details

Updated qemu-kvm packages that fix two security issues and one bug are now
available for Red Hat Enterprise Linux 6.

The Red Hat Security Response Team has rated this update as having
important security impact. Common Vulnerability Scoring System (CVSS) base
scores, which give detailed severity ratings, are available for each
vulnerability from the CVE links in the References section.

KVM (Kernel-based Virtual Machine) is a full virtualization solution for
Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component
for running virtual machines using KVM.

It was found that the virtio subsystem in qemu-kvm did not properly
validate virtqueue in and out requests from the guest. A privileged guest
user could use this flaw to trigger a buffer overflow, allowing them to
crash the guest (denial of service) or, possibly, escalate their privileges
on the host. (CVE-2011-2212)
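
The class of flaw behind CVE-2011-2212, shown as an added example in C. This is a simplified model, not code from qemu-kvm or from this advisory: a guest-supplied descriptor table is sorted into fixed-size host arrays, and each slot is bounds-checked before it is written. The names MAX_SEGS, DESC_F_WRITE and collect_request, and the struct layouts, are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_SEGS     8     /* assumed capacity of each host-side array */
#define DESC_F_WRITE 0x2   /* assumed flag: host writes into this buffer ("in") */

struct desc { uint64_t addr; uint32_t len; uint16_t flags; };
struct seg  { uint64_t addr; uint32_t len; };
struct request {
    struct seg in[MAX_SEGS], out[MAX_SEGS];
    unsigned in_num, out_num;
};

/* Sort a guest-supplied descriptor table into the request's fixed-size
 * "in" and "out" arrays. The guest chooses `count`, so each slot is
 * bounds-checked before it is written. Returns 0 on success, -1 when the
 * table would not fit. */
int collect_request(struct request *req, const struct desc *table, size_t count)
{
    req->in_num = req->out_num = 0;
    for (size_t i = 0; i < count; i++) {
        int is_in = table[i].flags & DESC_F_WRITE;
        struct seg *arr = is_in ? req->in : req->out;
        unsigned *num   = is_in ? &req->in_num : &req->out_num;

        if (*num >= MAX_SEGS)   /* the check whose absence overflows arr */
            return -1;
        arr[*num].addr = table[i].addr;
        arr[*num].len  = table[i].len;
        (*num)++;
    }
    return 0;
}

int main(void)
{
    struct desc table[MAX_SEGS + 1];   /* constructed: one "in" entry too many */
    struct request req;

    for (size_t i = 0; i < MAX_SEGS + 1; i++)
        table[i] = (struct desc){ 0x1000 * (i + 1), 512, DESC_F_WRITE };

    printf("%d entries: %d\n", MAX_SEGS, collect_request(&req, table, MAX_SEGS));
    printf("%d entries: %d\n", MAX_SEGS + 1, collect_request(&req, table, MAX_SEGS + 1));
    return 0;
}
```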

It was found that the virtio_queue_notify() function in qemu-kvm did not
perform sufficient input validation on the value later used as an index
into the array of virtqueues. An unprivileged guest user could use this
flaw to crash the guest (denial of service) or, possibly, escalate their
privileges on the host. (CVE-2011-2512)
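
The index-validation pattern behind CVE-2011-2512, shown as an added example in C. This is a simplified model, not code from qemu-kvm or from this advisory: a signed index compared against the upper bound only is accepted when negative, while an unsigned comparison rejects it. QUEUE_MAX, the struct layouts and the function names are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define QUEUE_MAX 64   /* assumed size of the per-device queue array */

struct queue  { int ready; unsigned notified; };
struct device { struct queue vq[QUEUE_MAX]; };

enum { NOTIFY_OK = 0, NOTIFY_REJECTED = -1 };

/* Weak pattern: a signed index is compared against the upper bound only,
 * so negative values pass. Returns the verdict without touching the
 * array, so the flaw can be observed safely. */
int weak_index_accepted(int n)
{
    return n < QUEUE_MAX;
}

/* Hardened handler: take the guest-written value as unsigned, so one
 * comparison rejects everything outside [0, QUEUE_MAX), then refuse
 * queues the guest never set up. */
int notify_checked(struct device *dev, uint32_t raw)
{
    if (raw >= QUEUE_MAX)
        return NOTIFY_REJECTED;
    struct queue *q = &dev->vq[raw];
    if (!q->ready)
        return NOTIFY_REJECTED;
    q->notified++;
    return NOTIFY_OK;
}

int main(void)
{
    static struct device dev;   /* zero-initialised: no queue is ready */
    dev.vq[3].ready = 1;        /* constructed state: only queue 3 is set up */

    printf("weak check accepts -1: %d\n", weak_index_accepted(-1));
    printf("checked notify(3):  %d\n", notify_checked(&dev, 3));
    printf("checked notify(-1): %d\n", notify_checked(&dev, (uint32_t)-1));
    printf("checked notify(%d): %d\n", QUEUE_MAX, notify_checked(&dev, QUEUE_MAX));
    return 0;
}
```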

Red Hat would like to thank Nelson Elhage for reporting CVE-2011-2212.

This update also fixes the following bug:

* A bug was found in the way vhost (in qemu-kvm) set up mappings with the
host kernel's vhost module. This could result in the host kernel's vhost
module not having a complete view of a guest system's memory, if that guest
had more than 4 GB of memory. Consequently, hot plugging a vhost-net
network device and restarting the guest may have resulted in that device no
longer working. (BZ#701771)

All users of qemu-kvm should upgrade to these updated packages, which
contain backported patches to resolve these issues. After installing this
update, shut down all running virtual machines. Once all virtual machines
have shut down, start them again for this update to take effect.


Solution

Before applying this update, make sure all previously-released errata
relevant to your system have been applied.

This update is available via the Red Hat Network. Details on how to
use the Red Hat Network to apply this update are available at
https://access.redhat.com/kb/docs/DOC-11259

Updated packages

Red Hat Enterprise Linux Desktop (v. 6)

x86_64:
qemu-img-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
qemu-kvm-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
qemu-kvm-debuginfo-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
qemu-kvm-tools-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
 
Red Hat Enterprise Linux HPC Node (v. 6)

x86_64:
qemu-img-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
qemu-kvm-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
qemu-kvm-debuginfo-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
qemu-kvm-tools-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
 
Red Hat Enterprise Linux Server (v. 6)

x86_64:
qemu-img-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
qemu-kvm-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
qemu-kvm-debuginfo-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
qemu-kvm-tools-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
 
Red Hat Enterprise Linux Server EUS (v. 6.1.z)

x86_64:
qemu-img-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2011:1801
qemu-kvm-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2011:1801
qemu-kvm-debuginfo-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2011:1801
qemu-kvm-tools-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHSA-2011:1801
 
Red Hat Enterprise Linux Workstation (v. 6)

x86_64:
qemu-img-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
qemu-kvm-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
qemu-kvm-debuginfo-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
qemu-kvm-tools-0.12.1.2-2.160.el6_1.2.x86_64.rpm
File outdated by:  RHBA-2014:0360
 
(The unlinked packages above are only available from the Red Hat Network)

Bugs fixed (see bugzilla for more information)

713589 - CVE-2011-2212 qemu-kvm: virtqueue: too-large indirect descriptor buffer overflow
717399 - CVE-2011-2512 qemu-kvm: OOB memory access caused by negative vq notifies


References



These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from:
https://www.redhat.com/security/team/key/#package

The Red Hat security contact is secalert@redhat.com. More contact details at http://www.redhat.com/security/team/contact/