Rapid7 Vulnerability & Exploit Database

RHSA-2013:0727: kvm security update




KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built for the standard Red Hat Enterprise Linux kernel.

A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796)

A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797)

A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798)

Red Hat would like to thank Andrew Honig of Google for reporting all of these issues.

All users of kvm are advised to upgrade to these updated packages, which contain backported patches to correct these issues. Note that the procedure in the Solution section must be performed before this update will take effect.


  • redhat-upgrade-kmod-kvm
  • redhat-upgrade-kmod-kvm-debug
  • redhat-upgrade-kvm
  • redhat-upgrade-kvm-debuginfo
  • redhat-upgrade-kvm-qemu-img
  • redhat-upgrade-kvm-tools
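
The kind of validation whose absence is described for CVE-2013-1798, shown on a simplified model of an indirect register read. This is an added example, not the KVM source or the Red Hat patch; the struct, the function names, the 24-entry table and the 0x10 base are assumptions of the model.

```c
#include <stdint.h>
#include <stdio.h>

#define MODEL_NUM_PINS   24     /* redirection table entries in the model */
#define MODEL_REDIR_BASE 0x10u  /* first selector value that maps to the table */

/* Hypothetical, simplified device state; not the kernel's struct. */
struct model_ioapic {
    uint32_t ioregsel;                  /* guest-written register selector */
    uint64_t redirtbl[MODEL_NUM_PINS];  /* 64-bit entries, read as two 32-bit halves */
    uint64_t host_secret;               /* stands in for adjacent host memory */
};

/* Hardened indirect read: the guest-controlled selector is range-checked
 * before it is used as an array index. Out-of-range selectors read as
 * all ones instead of touching memory past the table. */
uint32_t model_read_indirect(const struct model_ioapic *io)
{
    uint32_t sel = io->ioregsel;
    uint64_t content;

    if (sel < MODEL_REDIR_BASE)
        return 0;   /* ID/version registers are not modelled here */

    uint32_t index = (sel - MODEL_REDIR_BASE) >> 1;
    if (index < MODEL_NUM_PINS)
        content = io->redirtbl[index];
    else
        content = ~0ULL;    /* the validation step: no out-of-bounds index */

    /* Odd selector = upper 32 bits, even selector = lower 32 bits. */
    return (sel & 1) ? (uint32_t)(content >> 32) : (uint32_t)content;
}

/* Demonstration helper: write the selector as a guest would, then read. */
uint32_t model_guest_read(struct model_ioapic *io, uint32_t sel)
{
    io->ioregsel = sel;
    return model_read_indirect(io);
}

int main(void)
{
    struct model_ioapic io = { .host_secret = 0x1122334455667788ULL };
    io.redirtbl[23] = 0xAABBCCDD00010000ULL;    /* constructed sample entry */
    printf("last entry high: %08x\n", model_guest_read(&io, 0x3F));
    printf("one past table:  %08x\n", model_guest_read(&io, 0x40));
    return 0;
}
```

Without the `index < MODEL_NUM_PINS` test, selector 0x40 would index one element past the table, which in this model is the `host_secret` field.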
