Rapid7 Vulnerability & Exploit Database

RHSA-2010:0627: kvm security and bug fix update




KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

It was found that QEMU-KVM on the host did not validate all pointers provided from a guest system's QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host. (CVE-2010-0431)

A flaw was found in QEMU-KVM, allowing the guest some control over the index used to access the callback array during sub-page MMIO initialization. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host. (CVE-2010-2784)

A NULL pointer dereference flaw was found when the host system had a processor with the Intel VT-x extension enabled. A privileged guest user could use this flaw to trick the host into emulating a certain instruction, which could crash the host (denial of service). (CVE-2010-0435)

This update also fixes the following bugs:

All KVM users should upgrade to these updated packages, which contain backported patches to resolve these issues. Note: The procedure in the Solution section must be performed before this update will take effect.


  • redhat-upgrade-kmod-kvm
  • redhat-upgrade-kvm
  • redhat-upgrade-kvm-qemu-img
  • redhat-upgrade-kvm-tools
