Oval Definition: oval:org.mitre.oval:def:24919
Revision Date: 2014-09-01
Version: 11
Title: ELSA-2014:0743: qemu-kvm security and bug fix update (Moderate)
Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. The qemu-kvm package provides the user-space component for running virtual machines using KVM.

Multiple buffer overflow, input validation, and out-of-bounds write flaws were found in the way the virtio, virtio-net, virtio-scsi, and usb drivers of QEMU handled state loading after migration. A user able to alter the savevm data (either on the disk or over the wire during migration) could use either of these flaws to corrupt QEMU process memory on the (destination) host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, CVE-2014-3461)

An out-of-bounds memory access flaw was found in the way QEMU's IDE device driver handled the execution of SMART EXECUTE OFFLINE commands. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process. (CVE-2014-2894)

The CVE-2013-4148, CVE-2013-4151, CVE-2013-4535, CVE-2013-4536, CVE-2013-4541, CVE-2013-4542, CVE-2013-6399, CVE-2014-0182, and CVE-2014-3461 issues were discovered by Michael S. Tsirkin of Red Hat, Anthony Liguori, and Michael Roth.

This update also fixes the following bugs:

* Previously, under certain circumstances, libvirt failed to start guests which used a non-zero PCI domain and SR-IOV Virtual Functions (VFs), and returned the following error message:

Can't assign device inside non-zero PCI segment as this KVM module doesn't support it.

This update fixes this issue and guests using the aforementioned configuration no longer fail to start. (BZ#1099941)

* Due to an incorrect initialization of the cpus_sts bitmap, which holds the enablement status of a vCPU, libvirt could fail to start a guest with an unusual vCPU topology (for example, a guest with three cores and two sockets). With this update, the initialization of cpus_sts has been corrected, and libvirt no longer fails to start the aforementioned guests. (BZ#1100575)

All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Family: unix
Class: patch
Status: ACCEPTED
Reference(s): CVE-2013-4148
CVE-2013-4151
CVE-2013-4535
CVE-2013-4536
CVE-2013-4541
CVE-2013-4542
CVE-2013-6399
CVE-2014-0182
CVE-2014-2894
CVE-2014-3461
ELSA-2014:0743-00
Platform(s): Oracle Linux 6
Product(s): qemu-kvm
Definition Synopsis
  • Oracle Linux 6.x
  • AND rpm test
  • qemu-guest-agent is earlier than 2:0.12.1.2-2.415.el6_5.10
  • OR qemu-kvm-tools is earlier than 2:0.12.1.2-2.415.el6_5.10
  • OR qemu-kvm is earlier than 2:0.12.1.2-2.415.el6_5.10
  • OR qemu-img is earlier than 2:0.12.1.2-2.415.el6_5.10