KVM (Kernel-based Virtual Machine) is a full virtualization solution forLinux on AMD64 and Intel 64 systems. KVM is a Linux kernel module built forthe standard Red Hat Enterprise Linux kernel.A flaw was found in the way KVM handled guest time updates when the bufferthe guest registered by writing to the MSR_KVM_SYSTEM_TIME machine stateregister (MSR) crossed a page boundary. A privileged guest user could usethis flaw to crash the host or, potentially, escalate their privileges,allowing them to execute arbitrary code at the host kernel level.(CVE-2013-1796)A potential use-after-free flaw was found in the way KVM handled guest timeupdates when the GPA (guest physical address) the guest registered bywriting to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into amovable or removable memory region of the hosting user-space process (bydefault, QEMU-KVM) on the host. If that memory region is deregistered fromKVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memoryreused, a privileged guest user could potentially use this flaw toescalate their privileges on the host. (CVE-2013-1797)A flaw was found in the way KVM emulated IOAPIC (I/O Advanced ProgrammableInterrupt Controller). A missing validation check in theioapic_read_indirect() function could allow a privileged guest user tocrash the host, or read a substantial portion of host kernel memory.(CVE-2013-1798)Red Hat would like to thank Andrew Honig of Google for reporting all ofthese issues.All users of kvm are advised to upgrade to these updated packages, whichcontain backported patches to correct these issues. Note that the procedurein the Solution section must be performed before this update will takeeffect.