Rapid7 Vulnerability & Exploit Database

RHSA-2013:0896: qemu-kvm security and bug fix update

Back to Search

RHSA-2013:0896: qemu-kvm security and bug fix update



KVM (Kernel-based Virtual Machine) is a full virtualization solution forLinux on AMD64 and Intel 64 systems. qemu-kvm is the user-space componentfor running virtual machines using KVM.It was found that QEMU Guest Agent (the "qemu-ga" service) createdcertain files with world-writable permissions when run in daemon mode(the default mode). An unprivileged guest user could use this flaw toconsume all free space on the partition containing the qemu-ga log file, ormodify the contents of the log. When a UNIX domain socket transport wasexplicitly configured to be used (not the default), an unprivileged guestuser could potentially use this flaw to escalate their privileges in theguest. This update requires manual action. Refer below for details.(CVE-2013-2007)This update does not change the permissions of the existing log file orthe UNIX domain socket. For these to be changed, stop the qemu-ga service,and then manually remove all "group" and "other" permissions on theaffected files, or remove the files.Note that after installing this update, files created by theguest-file-open QEMU Monitor Protocol (QMP) command will still continue tobe created with world-writable permissions for backwards compatibility.This issue was discovered by Laszlo Ersek of Red Hat.This update also fixes the following bugs:All users of qemu-kvm should upgrade to these updated packages, whichcontain backported patches to correct these issues. After installing thisupdate, shut down all running virtual machines. Once all virtual machineshave shut down, start them again for this update to take effect.


  • redhat-upgrade-qemu-guest-agent
  • redhat-upgrade-qemu-guest-agent-win32
  • redhat-upgrade-qemu-img
  • redhat-upgrade-qemu-kvm
  • redhat-upgrade-qemu-kvm-debuginfo
  • redhat-upgrade-qemu-kvm-tools

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center