Rapid7 Vulnerability & Exploit Database

RHSA-2010:0088: kvm security and bug fix update




KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

The x86 emulator implementation was missing a check for the Current Privilege Level (CPL) and I/O Privilege Level (IOPL). A user in a guest could leverage these flaws to cause a denial of service (guest crash) or possibly escalate their privileges within that guest. (CVE-2010-0298, CVE-2010-0306)

A flaw was found in the Programmable Interval Timer (PIT) emulation. Access to the internal data structure pit_state, which represents the data state of the emulated PIT, was not properly validated in the pit_ioport_read() function. A privileged guest user could use this flaw to crash the host. (CVE-2010-0309)

A flaw was found in the USB passthrough handling code. A specially-crafted USB packet sent from inside a guest could be used to trigger a buffer overflow in the usb_host_handle_control() function, which runs under the QEMU-KVM context on the host. A user in a guest could leverage this flaw to cause a denial of service (guest hang or crash) or possibly escalate their privileges within the host. (CVE-2010-0297)

This update also fixes the following bugs:

All KVM users should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: The procedure in the Solution section must be performed before this update will take effect.


  • redhat-upgrade-kmod-kvm
  • redhat-upgrade-kvm
  • redhat-upgrade-kvm-qemu-img
  • redhat-upgrade-kvm-tools
