Executive Summary
Summary | |
---|---|
Title | kvm security and bug fix update |
Informations | |||
---|---|---|---|
Name | RHSA-2012:0149 | First vendor Publication | 2012-02-21 |
Vendor | RedHat | Last vendor Modification | 2012-02-21 |
Severity (Vendor) | Moderate | Revision | 03 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:L/AC:H/Au:N/C:N/I:N/A:C) | |||
---|---|---|---|
Cvss Base Score | 4 | Attack Range | Local |
Cvss Impact Score | 6.9 | Attack Complexity | High |
Cvss Expoit Score | 1.9 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Problem Description: Updated kvm packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. 2. Relevant releases/architectures: RHEL Desktop Multi OS (v. 5 client) - x86_64 RHEL Virtualization (v. 5 server) - x86_64 3. Description: KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel. It was found that the kvm_vm_ioctl_assign_device() function in the KVM subsystem of a Linux kernel did not check if the user requesting device assignment was privileged or not. A member of the kvm group on the host could assign unused PCI devices, or even devices that were in use and whose resources were not properly claimed by the respective drivers, which could result in the host crashing. (CVE-2011-4347) Red Hat would like to thank Sasha Levin for reporting this issue. These updated kvm packages include several bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Enterprise Linux 5.8 Technical Notes, linked to in the References, for information on the most significant of these changes. All KVM users should upgrade to these updated packages, which contain backported patches to correct these issues. Note: The procedure in the Solution section must be performed before this update will take effect. 4. Solution: Before applying this update, make sure all previously-released errata relevant to your system have been applied. This update is available via the Red Hat Network. Details on how to use the Red Hat Network to apply this update are available at https://access.redhat.com/kb/docs/DOC-11259 The following procedure must be performed before this update will take effect: 1) Stop all KVM guest virtual machines. 2) Either reboot the hypervisor machine or, as the root user, remove (using "modprobe -r [module]") and reload (using "modprobe [module]") all of the following modules which are currently running (determined using "lsmod"): kvm, ksm, kvm-intel or kvm-amd. 3) Restart the KVM guest virtual machines. 5. Bugs fixed (http://bugzilla.redhat.com/): 701616 - limitation on max number of assigned devices does not take effect if hot-plug pci devices 703335 - KVM guest clocks jump forward one hour on reboot 703446 - Failed to ping guest after MTU is changed 704081 - mouse responds very slowly with huge memory 725876 - RTC interrupt problems with RHEL5 qemu/kvm (0.10 based) on 2.6.38+ guest kernels. 753860 - Fix kvm userspace compilation on RHEL-5 to match the kernel changes 756084 - CVE-2011-4347 kernel: kvm: device assignment DoS |
Original Source
Url : https://rhn.redhat.com/errata/RHSA-2012-0149.html |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-264 | Permissions, Privileges, and Access Controls |
OVAL Definitions
Definition Id: oval:org.mitre.oval:def:27813 | |||
Oval ID: | oval:org.mitre.oval:def:27813 | ||
Title: | ELSA-2012-0149 -- kvm security and bug fix update (moderate) | ||
Description: | [kvm-83-249.0.1.el5] - Added kvm-add-oracle-workaround-for-libvirt-bug.patch - Added kvm-Introduce-oel-machine-type.patch - modify kversion to fix build failure [kvm-83-249.el5] - kvm-kernel-KVM-x86-Prevent-starting-PIT-timers-in-the-absence-o.patch [bz#770101] - CVE: CVE-2011-4622 - Resolves: bz#770101 (CVE-2011-4622 kernel: kvm: pit timer with no irqchip crashes the system [rhel-5.8]) | ||
Family: | unix | Class: | patch |
Reference(s): | ELSA-2012-0149 CVE-2011-4347 | Version: | 3 |
Platform(s): | Oracle Linux 5 | Product(s): | kvm |
Definition Synopsis: | |||
CPE : Common Platform Enumeration
OpenVAS Exploits
Date | Description |
---|---|
2013-09-18 | Name : Debian Security Advisory DSA 2443-1 (linux-2.6 - privilege escalation/denial ... File : nvt/deb_2443_1.nasl |
2012-12-18 | Name : Fedora Update for kernel FEDORA-2012-20240 File : nvt/gb_fedora_2012_20240_kernel_fc16.nasl |
2012-11-29 | Name : Fedora Update for kernel FEDORA-2012-18691 File : nvt/gb_fedora_2012_18691_kernel_fc16.nasl |
2012-11-06 | Name : Fedora Update for kernel FEDORA-2012-17479 File : nvt/gb_fedora_2012_17479_kernel_fc16.nasl |
2012-09-04 | Name : Fedora Update for kernel FEDORA-2012-12684 File : nvt/gb_fedora_2012_12684_kernel_fc16.nasl |
2012-08-06 | Name : Fedora Update for kernel FEDORA-2012-11348 File : nvt/gb_fedora_2012_11348_kernel_fc16.nasl |
2012-07-30 | Name : CentOS Update for kernel CESA-2012:0350 centos6 File : nvt/gb_CESA-2012_0350_kernel_centos6.nasl |
2012-07-09 | Name : RedHat Update for kernel RHSA-2012:0350-01 File : nvt/gb_RHSA-2012_0350-01_kernel.nasl |
2012-06-25 | Name : Fedora Update for kernel FEDORA-2012-8931 File : nvt/gb_fedora_2012_8931_kernel_fc15.nasl |
2012-06-15 | Name : Fedora Update for kernel FEDORA-2012-8890 File : nvt/gb_fedora_2012_8890_kernel_fc16.nasl |
2012-05-17 | Name : Fedora Update for kernel FEDORA-2012-7594 File : nvt/gb_fedora_2012_7594_kernel_fc15.nasl |
2012-05-14 | Name : Fedora Update for kernel FEDORA-2012-7538 File : nvt/gb_fedora_2012_7538_kernel_fc16.nasl |
2012-05-11 | Name : Ubuntu Update for linux-lts-backport-natty USN-1440-1 File : nvt/gb_ubuntu_USN_1440_1.nasl |
2012-05-04 | Name : Ubuntu Update for linux-lts-backport-oneiric USN-1433-1 File : nvt/gb_ubuntu_USN_1433_1.nasl |
2012-05-04 | Name : Ubuntu Update for linux USN-1431-1 File : nvt/gb_ubuntu_USN_1431_1.nasl |
2012-04-26 | Name : Ubuntu Update for linux-ec2 USN-1426-1 File : nvt/gb_ubuntu_USN_1426_1.nasl |
2012-04-26 | Name : Ubuntu Update for linux USN-1425-1 File : nvt/gb_ubuntu_USN_1425_1.nasl |
2012-04-26 | Name : Fedora Update for kernel FEDORA-2012-6406 File : nvt/gb_fedora_2012_6406_kernel_fc15.nasl |
2012-04-13 | Name : Ubuntu Update for linux USN-1422-1 File : nvt/gb_ubuntu_USN_1422_1.nasl |
2012-04-13 | Name : Ubuntu Update for linux-lts-backport-maverick USN-1421-1 File : nvt/gb_ubuntu_USN_1421_1.nasl |
2012-04-02 | Name : Fedora Update for kernel FEDORA-2012-0363 File : nvt/gb_fedora_2012_0363_kernel_fc16.nasl |
2012-04-02 | Name : Fedora Update for kernel FEDORA-2012-0876 File : nvt/gb_fedora_2012_0876_kernel_fc16.nasl |
2012-04-02 | Name : Fedora Update for kernel FEDORA-2012-0480 File : nvt/gb_fedora_2012_0480_kernel_fc16.nasl |
2012-04-02 | Name : Fedora Update for kernel FEDORA-2012-3712 File : nvt/gb_fedora_2012_3712_kernel_fc16.nasl |
2012-04-02 | Name : Fedora Update for kernel FEDORA-2012-3030 File : nvt/gb_fedora_2012_3030_kernel_fc16.nasl |
2012-03-29 | Name : Fedora Update for kernel FEDORA-2012-3715 File : nvt/gb_fedora_2012_3715_kernel_fc15.nasl |
2012-03-29 | Name : Ubuntu Update for linux-lts-backport-oneiric USN-1409-1 File : nvt/gb_ubuntu_USN_1409_1.nasl |
2012-03-29 | Name : Ubuntu Update for linux USN-1407-1 File : nvt/gb_ubuntu_USN_1407_1.nasl |
2012-03-29 | Name : Ubuntu Update for linux USN-1406-1 File : nvt/gb_ubuntu_USN_1406_1.nasl |
2012-03-29 | Name : Ubuntu Update for linux USN-1405-1 File : nvt/gb_ubuntu_USN_1405_1.nasl |
2012-03-22 | Name : Fedora Update for kernel FEDORA-2012-4410 File : nvt/gb_fedora_2012_4410_kernel_fc16.nasl |
2012-03-19 | Name : Fedora Update for kernel FEDORA-2012-3350 File : nvt/gb_fedora_2012_3350_kernel_fc16.nasl |
2012-03-19 | Name : Fedora Update for kernel FEDORA-2012-1497 File : nvt/gb_fedora_2012_1497_kernel_fc16.nasl |
2012-03-16 | Name : Fedora Update for kernel FEDORA-2012-3356 File : nvt/gb_fedora_2012_3356_kernel_fc15.nasl |
2012-03-07 | Name : Ubuntu Update for linux USN-1389-1 File : nvt/gb_ubuntu_USN_1389_1.nasl |
2012-03-07 | Name : Fedora Update for kernel FEDORA-2012-2753 File : nvt/gb_fedora_2012_2753_kernel_fc15.nasl |
2012-02-13 | Name : Fedora Update for kernel FEDORA-2012-1503 File : nvt/gb_fedora_2012_1503_kernel_fc15.nasl |
2012-01-25 | Name : Fedora Update for kernel FEDORA-2012-0861 File : nvt/gb_fedora_2012_0861_kernel_fc15.nasl |
2012-01-16 | Name : Fedora Update for kernel FEDORA-2012-0492 File : nvt/gb_fedora_2012_0492_kernel_fc15.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
77626 | Linux Kernel kvm_vm_ioctl_assign_device Function /dev/kym Local DoS |
Nessus® Vulnerability Scanner
Date | Description |
---|---|
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0422.nasl - Type : ACT_GATHER_INFO |
2014-11-17 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0168.nasl - Type : ACT_GATHER_INFO |
2013-09-04 | Name : The remote Amazon Linux AMI host is missing a security update. File : ala_ALAS-2012-55.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0149.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-0350.nasl - Type : ACT_GATHER_INFO |
2013-07-12 | Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2012-2003.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0149.nasl - Type : ACT_GATHER_INFO |
2013-01-24 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-1042.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120221_kvm_on_SL5_x.nasl - Type : ACT_GATHER_INFO |
2012-08-01 | Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20120306_kernel_on_SL6_x.nasl - Type : ACT_GATHER_INFO |
2012-05-08 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1440-1.nasl - Type : ACT_GATHER_INFO |
2012-05-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1433-1.nasl - Type : ACT_GATHER_INFO |
2012-05-01 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1431-1.nasl - Type : ACT_GATHER_INFO |
2012-04-25 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1425-1.nasl - Type : ACT_GATHER_INFO |
2012-04-25 | Name : The remote Ubuntu host is missing a security-related patch. File : ubuntu_USN-1426-1.nasl - Type : ACT_GATHER_INFO |
2012-04-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1421-1.nasl - Type : ACT_GATHER_INFO |
2012-04-13 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1422-1.nasl - Type : ACT_GATHER_INFO |
2012-03-27 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2443.nasl - Type : ACT_GATHER_INFO |
2012-03-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1405-1.nasl - Type : ACT_GATHER_INFO |
2012-03-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1406-1.nasl - Type : ACT_GATHER_INFO |
2012-03-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1407-1.nasl - Type : ACT_GATHER_INFO |
2012-03-27 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1409-1.nasl - Type : ACT_GATHER_INFO |
2012-03-08 | Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2012-0350.nasl - Type : ACT_GATHER_INFO |
2012-03-07 | Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-1389-1.nasl - Type : ACT_GATHER_INFO |
2012-03-07 | Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2012-0350.nasl - Type : ACT_GATHER_INFO |
2012-01-16 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0492.nasl - Type : ACT_GATHER_INFO |
2012-01-16 | Name : The remote Fedora host is missing a security update. File : fedora_2012-0363.nasl - Type : ACT_GATHER_INFO |
Alert History
Date | Informations |
---|---|
2014-02-17 11:55:40 |
|
2013-06-10 21:22:30 |
|
2013-06-08 17:22:55 |
|