kvm-83-266.0.1.AXS3.1
エラータID: AXSA:2014-242:01
リリース日:
2014/04/10 Thursday - 18:57
題名:
kvm-83-266.0.1.AXS3.1
影響のあるチャネル:
Asianux Server 3 for x86_64
Severity:
High
Description:
以下項目について対処しました。
[Security Fix]
- Linux kernel の KVM サブシステムの arch/x86/kvm/lapic.c の apic_get_tmcct 関数には,巧妙に細工された TMICT 値の変更によって,ゲスト OS のユーザがサービス拒否 (0 除算エラーとホスト OS のクラッシュ) を引き起こす脆弱性があります。(CVE-2013-6367)
- Linux kernel の KVM サブシステムには,ページの最後のアドレスを含む VAPIC 同期操作によって,ローカルのユーザが権限を得る,あるいはサービス拒否 (システムのクラッシュ) を引き起こす脆弱性があります。 (CVE-2013-6368)
一部CVEの翻訳文はJVNからの引用になります。
http://jvndb.jvn.jp/
解決策:
パッケージをアップデートしてください。
CVE:
CVE-2013-6367
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.
CVE-2013-6368
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
The KVM subsystem in the Linux kernel through 3.12.5 allows local users to gain privileges or cause a denial of service (system crash) via a VAPIC synchronization operation involving a page-end address.
CVE-2012-1601
The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
The KVM implementation in the Linux kernel before 3.3.6 allows host OS users to cause a denial of service (NULL pointer dereference and host OS crash) by making a KVM_CREATE_IRQCHIP ioctl call after a virtual CPU already exists.
CVE-2012-2121
The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.
The KVM implementation in the Linux kernel before 3.3.4 does not properly manage the relationships between memory slots and the iommu, which allows guest OS users to cause a denial of service (memory leak and host OS crash) by leveraging administrative access to the guest OS to conduct hotunplug and hotplug operations on devices.
CVE-2012-3515
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 sequence that triggers the overwrite of a "device model's address space."
CVE-2013-1796
The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.
The kvm_set_msr_common function in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 does not ensure a required time_page alignment during an MSR_KVM_SYSTEM_TIME operation, which allows guest OS users to cause a denial of service (buffer overflow and host OS memory corruption) or possibly have unspecified other impact via a crafted application.
CVE-2013-1797
Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.
Use-after-free vulnerability in arch/x86/kvm/x86.c in the Linux kernel through 3.8.4 allows guest OS users to cause a denial of service (host OS memory corruption) or possibly have unspecified other impact via a crafted application that triggers use of a guest physical address (GPA) in (1) movable or (2) removable memory during an MSR_KVM_SYSTEM_TIME kvm_set_msr_common operation.
CVE-2013-1798
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.
The ioapic_read_indirect function in virt/kvm/ioapic.c in the Linux kernel through 3.8.4 does not properly handle a certain combination of invalid IOAPIC_REG_SELECT and IOAPIC_REG_WINDOW operations, which allows guest OS users to obtain sensitive information from host OS memory or cause a denial of service (host OS OOPS) via a crafted application.
CVE-2013-6367
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.
The apic_get_tmcct function in arch/x86/kvm/lapic.c in the KVM subsystem in the Linux kernel through 3.12.5 allows guest OS users to cause a denial of service (divide-by-zero error and host OS crash) via crafted modifications of the TMICT value.
追加情報:
N/A
ダウンロード:
SRPMS
- kvm-83-266.0.1.AXS3.1.src.rpm
MD5: 3ed1b505e02b15b92af30114eae782a3
SHA-256: fe8bf507bdad61148c28f33c9be28d1b6c304c7cf8c71f7b1152b35fd87b5b74
Size: 4.79 MB
Asianux Server 3 for x86_64
- kmod-kvm-83-266.0.1.AXS3.1.x86_64.rpm
MD5: 0f2d3e8a6218d94be23578877215c4a0
SHA-256: a0e6eaed3ced0a70a862b12d4a40388bd1122cc957d770490196851b02ad2815
Size: 1.33 MB - kvm-83-266.0.1.AXS3.1.x86_64.rpm
MD5: 124a5a9eca1f1ccc68534d216e0468ca
SHA-256: 3206a91150510959c6f001054aba6e69504c5f2c5fe8df3295b44706f50bf1f2
Size: 939.76 kB - kvm-qemu-img-83-266.0.1.AXS3.1.x86_64.rpm
MD5: a96d8d2e386f5b9eaac7a5fd387f4c7d
SHA-256: 331c739c4132d7b9802fe93a46e9586ffc8ed1ff0497cedc2dfda3a1a5405058
Size: 190.66 kB - kvm-tools-83-266.0.1.AXS3.1.x86_64.rpm
MD5: c8d391af09e43ff81e491284c5c69715
SHA-256: 5e2cfc4afdecef69604fdf03c3c1fbada2760021efabfee78b49f3491a9c8ae2
Size: 197.99 kB