KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

The x86 emulator implementation was missing a check for the Current Privilege Level (CPL) and I/O Privilege Level (IOPL). A user in a guest could leverage these flaws to cause a denial of service (guest crash) or possibly escalate their privileges within that guest. (CVE-2010-0298, CVE-2010-0306)

A flaw was found in the Programmable Interval Timer (PIT) emulation. Access to the internal data structure pit_state, which represents the data state of the emulated PIT, was not properly validated in the pit_ioport_read() function. A privileged guest user could use this flaw to crash the host. (CVE-2010-0309)

A flaw was found in the USB passthrough handling code. A specially-crafted USB packet sent from inside a guest could be used to trigger a buffer overflow in the usb_host_handle_control() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to cause a denial of service (guest hang or crash) or possibly escalate their privileges within the host. (CVE-2010-0297)

This update also fixes the following bugs:

All KVM users should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: The procedure in the Solution section must be performed before this update will take effect.
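
The CPL/IOPL check that the advisory describes as missing from the x86 emulator can be illustrated with the architectural rule for port I/O in protected mode, which an emulator has to apply itself before emulating an I/O instruction. This is an added example, not code from KVM or from the advisory; the struct, field and function names are hypothetical, and it covers only the port I/O case in a simplified form.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical guest CPU state; all names here are assumptions. */
struct vcpu_io_ctx {
    unsigned cpl;             /* current privilege level, 0..3 */
    unsigned iopl;            /* EFLAGS.IOPL, 0..3 */
    bool vm86;                /* EFLAGS.VM set (virtual-8086 mode) */
    const uint8_t *io_bitmap; /* TSS I/O permission bitmap, NULL if absent */
    size_t io_bitmap_len;     /* bitmap bytes that lie inside the TSS limit */
};

/* True only if the bitmap bit of every port in [port, port+len) is clear. */
static bool bitmap_allows(const struct vcpu_io_ctx *c, uint16_t port, unsigned len)
{
    for (unsigned i = 0; i < len; i++) {
        uint32_t p = (uint32_t)port + i;
        /* Deny (conservatively) on wrap, missing bitmap, or bit past the limit. */
        if (p > 0xFFFF || !c->io_bitmap || p / 8 >= c->io_bitmap_len)
            return false;
        if (c->io_bitmap[p / 8] & (1u << (p % 8)))
            return false;
    }
    return true;
}

/* Decide whether an emulated IN/OUT of len bytes may proceed. */
bool io_access_permitted(const struct vcpu_io_ctx *c, uint16_t port, unsigned len)
{
    if (len != 1 && len != 2 && len != 4)
        return false;
    /* Protected mode: CPL <= IOPL grants access without consulting the bitmap. */
    if (!c->vm86 && c->cpl <= c->iopl)
        return true;
    /* Otherwise (CPL > IOPL, or virtual-8086 mode) the bitmap decides. */
    return bitmap_allows(c, port, len);
}

int main(void)
{
    /* Constructed sample contexts: IOPL 0, no I/O permission bitmap. */
    struct vcpu_io_ctx user = { 3, 0, false, NULL, 0 };
    struct vcpu_io_ctx kern = { 0, 0, false, NULL, 0 };
    printf("ring 3 -> port 0x40: %d\n", io_access_permitted(&user, 0x40, 1));
    printf("ring 0 -> port 0x40: %d\n", io_access_permitted(&kern, 0x40, 1));
    return 0;
}
```

An emulator that skips this decision performs the I/O on behalf of guest code that the hardware itself would have refused with a general-protection fault.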