| Description: | Summary:
Check the version of kmod-kvm
Vulnerability Insight:
KVM (for Kernel-based Virtual Machine) is a
full virtualization solution for Linux on x86 hardware. Using KVM, one can run
multiple virtual machines running unmodified Linux or Windows images. Each
virtual machine has private virtualized hardware: a network card, disk,
graphics adapter, etc.
Security Fix(es):
* An out-of-bounds read/write access flaw was found in the way QEMU's VGA
emulation with VESA BIOS Extensions (VBE) support performed read/write
operations using I/O port methods. A privileged guest user could use this
flaw to execute arbitrary code on the host with the privileges of the
host's QEMU process. (CVE-2016-3710)
* Quick Emulator(QEMU) built with the virtio framework is vulnerable to an
unbounded memory allocation issue. It was found that a malicious guest user
could submit more requests than the virtqueue size permits. Processing a
request allocates a VirtQueueElement results in unbounded memory allocation
on the host controlled by the guest. (CVE-2016-5403)
Red Hat would like to thank Wei Xiao (360 Marvel Team) and Qinghao Tang
(360 Marvel Team) for reporting CVE-2016-3710 and hongzhenhao (Marvel Team)
for reporting CVE-2016-5403.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to the linked article.
Affected Software/OS:
kmod-kvm on CentOS 5
Solution:
Please Install the Updated Packages.
CVSS Score:
7.2
CVSS Vector:
AV:L/AC:L/Au:N/C:C/I:C/A:C
|
