| Description: | Summary:
Check the version of kmod-kvm
Vulnerability Insight:
KVM (for Kernel-based Virtual Machine) is
a full virtualization solution for Linux on x86 hardware. Using KVM, one can
run multiple virtual machines running unmodified Linux or Windows images.
Each virtual machine has private virtualized hardware: a network card, disk,
graphics adapter, etc.
Security Fix(es):
* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA emulator
support is vulnerable to an out-of-bounds access issue. It could occur
while copying VGA data via bitblt copy in backward mode. A privileged user
inside a guest could use this flaw to crash the QEMU process resulting in
DoS or potentially execute arbitrary code on the host with privileges of
QEMU process on the host. (CVE-2017-2615)
* Quick emulator (QEMU) built with the Cirrus CLGD 54xx VGA Emulator
support is vulnerable to an out-of-bounds access issue. The issue could
occur while copying VGA data in cirrus_bitblt_cputovideo. A privileged user
inside guest could use this flaw to crash the QEMU process OR potentially
execute arbitrary code on host with privileges of the QEMU process.
(CVE-2017-2620)
Red Hat would like to thank Wjjzhang (Tencent.com Inc.) and Li Qiang
(360.cn Inc.) for reporting CVE-2017-2615.
4. Solution:
For details on how to apply this update, which includes the changes
described in this advisory, refer to the linked article.
Affected Software/OS:
kmod-kvm on CentOS 5
Solution:
Please Install the Updated Packages.
CVSS Score:
9.0
CVSS Vector:
AV:N/AC:L/Au:S/C:C/I:C/A:C
|
