【CESA-2017:1430】An update for qemu-kvm is now available for Red Hat Enterprise Linux 7

CESA-2017:1430

An update for qemu-kvm is now available for Red Hat Enterprise Linux 7.

Red Hat Product Security has rated this update as having a security impact of
Important. A Common Vulnerability Scoring System (CVSS) base score, which gives
a detailed severity rating, is available for each vulnerability from the CVE
link(s) in the References section.

Kernel-based Virtual Machine (KVM) is a full virtualization solution for Linux
on a variety of architectures. The qemu-kvm package provides the user-space
component for running virtual machines that use KVM.

Security Fix(es):

* An out-of-bounds r/w access issue was found in QEMU’s Cirrus CLGD 54xx VGA
Emulator support. The vulnerability could occur while copying VGA data via
various bitblt functions. A privileged user inside a guest could use this flaw
to crash the QEMU process or, potentially, execute arbitrary code on the host
with privileges of the QEMU process. (CVE-2017-7980)

* An out-of-bounds access issue was found in QEMU’s Cirrus CLGD 54xx VGA
Emulator support. The vulnerability could occur while copying VGA data using
bitblt functions (for example, cirrus_bitblt_rop_fwd_transp_). A privileged user
inside a guest could use this flaw to crash the QEMU process, resulting in
denial of service. (CVE-2017-7718)

Red Hat would like to thank Jiangxin (PSIRT Huawei Inc) and Li Qiang (Qihoo 360
Gear Team) for reporting CVE-2017-7980 and Jiangxin (PSIRT Huawei Inc) for
reporting CVE-2017-7718.

Bug Fix(es):

* Previously, guest virtual machines in some cases became unresponsive when the
“pty” back end of a serial device performed an irregular I/O communication. This
update improves the handling of serial I/O on guests, which prevents the
described problem from occurring. (BZ#1452332)

Bugs Fixed

1443441 – CVE-2017-7718 Qemu: display: cirrus: OOB read access issue
1444371 – CVE-2017-7980 Qemu: display: cirrus: OOB r/w access issues in bitblt routines
1452332 – RHEL 7.2 based VM (Virtual Machine) hung for several hours apparently waiting for lock held by main_loop