8.167. qemu-kvm

download PDF
Updated qemu-kvm packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 6.
The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links associated with each description below.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems that is built into the standard Red Hat Enterprise Linux kernel. The qemu-kvm packages form the user-space component for running virtual machines using KVM.
A buffer overflow flaw was found in the way QEMU processed the SCSI "REPORT LUNS" command when more than 256 LUNs were specified for a single SCSI target. A privileged guest user could use this flaw to corrupt QEMU process memory on the host, which could potentially result in arbitrary code execution on the host with the privileges of the QEMU process.
This issue was discovered by Asias He of Red Hat.

Bug Fixes

Previously, a counter variable was not correctly reset when restarting an allocating request for disk images using the qcow2 file format. Consequently, these disk images in the cluster allocation code were corrupted in some cases. This update changes the way the number of available clusters is counted in the qcow2 format, and qcow2 disks are no longer corrupted in the described scenario.
Due to an integer overflow in calculations, the qemu-kvm utility was reporting incorrect memory size on QMP (QEMU Machine Protocol) event when using Virtio Balloon Driver with more than 4 GB of memory. A patch has been provided to fix this bug, and qemu-kvm now reports the correct amount of current RAM.
Previously, smart card emulation for Microsoft Windows XP and Microsoft Windows 7 guests failed due to inconsistent Answer To Reset (ATR) file length with a smart card Input/Output device error. This update creates an ATR file length with appropriate historical bytes, and disables USB signaling when necessary. Now, smart card emulation works, and failures no longer occur in the aforementioned scenario.
Previously, the qemu-kvm utility did not enable the IOeventFD feature, which caused the IOeventFD support for virtio-blk devices to be silently disabled. This update enables the IOeventFD feature, and the IOeventFD support for virtio-blk devices works as expected.


A new feature for removing the backing file using the qemu-img rebase command has been implemented. Now, no data loss will occur when running the qemu-img rebase command.
Red Hat Enterprise Linux 6.5 brings read-only support for VHDX (Hyper-V virtual hard disk), image formats, as created by Microsoft Hyper-V.
Red Hat Enterprise Linux 6.5 brings a number of improvements on read-only support for VMDK (Virtual Machine Disk), image file formats, including its sub-formats, as created by many VMware Virtualization products.
Updated support for GlusterFS in QEMU allows native access to GlusterFS volumes using the libgfapi library instead of through a locally mounted FUSE file system. This native approach offers considerable performance improvements.
Support of Volume Control from within Microsoft Windows Guests has been implemented. Users can now fully control the volume level on Microsoft Windows XP guests using the AC'97 codec.
Support for dumping metadata of virtual disks has been implemented with this update. Third-party applications running on the host are now able to read guest image contents without knowing the details of the QCOW2 image format. This can be used together with the Linux device mapper to access QCOW2 images as Linux block devices.
Similarly to the Windows VSS (Visual SourceSafe) version, application-consistent snapshots can now be created with the use of scripts that attach to the QEMU guest agent running on the guest. These scripts can notify applications which would flush their data to the disk during a freeze or thaw operation, thus allowing consistent snapshots to be taken.


VNC password authentication is disabled when the system is operating in FIPS (Federal Information Processing Standards) mode.
All qemu-kvm users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements. After installing this update, shut down all running virtual machines. Once all virtual machines have shut down, start them again for this update to take effect.
Updated qemu-kvm packages that fix several bugs are now available for Red Hat Enterprise Linux 6.
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on AMD64 and Intel 64 systems. qemu-kvm is the user-space component for running virtual machines using KVM.

Bug Fixes

Recent changes to the block layer resulted in a disk I/O performance degradation due to the way block length is calculated and cached internally. This update improves the logic for calculating such lengths and restores performance to the expected levels.
Due to a regression, the "qemu-img info" command took too much time to respond with the "cluster_size=512,preallocation=metadata" option. This bug has been fixed and "qemu-img info" now responds within one second.
On images created with very small non-standard cluster sizes (for example, 512 bytes), the "qemu-img info" command could take a long time to respond if run immediately after an image creation. This bug has been fixed, and "qemu-img info" now works as expected.
When doing live migration with the "--copy-storage-all" option, the virsh user interface failed with the following error message:
"error: Unable to read from monitor: Connection reset by peer"
This bug, caused by a regression, has been fixed, and live migration now finishes successfully.
Previously, qemu (for example, the "qemu-img info" command) could not open VMWare ESX image files. A patch fixing this bug has been provided, and ESX images are now handled correctly.
Users of qemu-kvm are advised to upgrade to these updated packages, which fix these bugs.
Red Hat logoGithubRedditYoutubeTwitter


Try, buy, & sell


About Red Hat Documentation

We help Red Hat users innovate and achieve their goals with our products and services with content they can trust.

Making open source more inclusive

Red Hat is committed to replacing problematic language in our code, documentation, and web properties. For more details, see the Red Hat Blog.

About Red Hat

We deliver hardened solutions that make it easier for enterprises to work across platforms and environments, from the core datacenter to the network edge.

© 2024 Red Hat, Inc.