| Description: | KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.
The kvm_emulate_hypercall() implementation was missing a check for the Current Privilege Level (CPL). A local, unprivileged user in a virtual machine could use this flaw to cause a local denial of service or escalate their privileges within that virtual machine. (CVE-2009-3290)
This update also fixes the following bugs:
non-maskable interrupts (NMI) were not supported on systems with AMD processors. As a consequence, Windows Server 2008 R2 guests running with more than one virtual CPU assigned on systems with AMD processors would hang at the Windows shut down screen when a restart was attempted. This update adds support for NMI filtering on systems with AMD processors, allowing clean restarts of Windows Server 2008 R2 guests running with multiple virtual CPUs. (BZ#520694)
significant performance issues for guests running 64-bit editions of Windows. This update improves performance for guests running 64-bit editions of Windows. (BZ#521793)
Windows guests may have experienced time drift. (BZ#521794)
removing the Red Hat VirtIO Ethernet Adapter from a guest running Windows Server 2008 R2 caused KVM to crash. With this update, device removal should not cause this issue. (BZ#524557)
All KVM users should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: The procedure in the Solution section must be performed before this update takes effect.
|