RHSA-2018:2363: Important: qemu-kvm-rhev security update
KVM (Kernel-based Virtual Machine) is a full virtualization solution for Linux on a variety of architectures. The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM in environments managed by Red Hat products.

Security fix(es):

An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of Load & Store instructions (a commonly used performance optimization). It relies on the presence of a precisely-defined instruction sequence in the privileged code as well as the fact that memory read from address to which a recent memory write has occurred may see an older value and subsequently cause an update into the microprocessor's data cache even for speculatively executed instructions that never actually commit (retire). As a result, an unprivileged attacker could use this flaw to read privileged memory by conducting targeted cache side-channel attacks. (CVE-2018-3639)

Acknowledgements:

Red Hat would like to thank Ken Johnson (Microsoft Security Response Center) and Jann Horn (Google Project Zero) for reporting this issue.

Note: This is the qemu-kvm-rhev side of the CVE-2018-3639 mitigation that includes support for guests running on hosts with AMD processors.

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Frequently Asked Questions
What is the severity of RHSA-2018:2363?
The severity of RHSA-2018:2363 is classified as important.
How do I fix RHSA-2018:2363?
To fix RHSA-2018:2363, upgrade the affected packages to version 2.10.0-21.el7_5.4 or later.
What packages are affected by RHSA-2018:2363?
Affected packages include qemu-kvm-rhev, qemu-img-rhev, qemu-kvm-common-rhev, and related tools.
What is the purpose of the qemu-kvm-rhev packages affected by RHSA-2018:2363?
The qemu-kvm-rhev packages provide the user-space component for running virtual machines that use KVM.
Which version of qemu-kvm-rhev is vulnerable according to RHSA-2018:2363?
The vulnerable version of qemu-kvm-rhev is any version up to but not including 2.10.0-21.el7_5.4.
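The "up to but not including 2.10.0-21.el7_5.4" check cannot be done with a plain string comparison, because RPM compares versions segment by segment (so `el7_5.10` is newer than `el7_5.4`). The following is an added example, not part of the advisory or Red Hat's tooling: a simplified reimplementation of RPM's version ordering applied to package listings. It assumes the installed and fixed builds share the same epoch, checks only the three package names the page lists, and the sample input is constructed.

```python
import re

FIXED_VR = "2.10.0-21.el7_5.4"   # fixed version-release stated in the advisory
AFFECTED = {"qemu-kvm-rhev", "qemu-img-rhev", "qemu-kvm-common-rhev"}

def rpmvercmp(a, b):
    """Segment-wise RPM comparison: -1, 0 or 1 (caret handling omitted)."""
    while a or b:
        # Separators only delimit segments; they are never compared.
        a = re.sub(r"^[^A-Za-z0-9~]+", "", a)
        b = re.sub(r"^[^A-Za-z0-9~]+", "", b)
        if a.startswith("~") or b.startswith("~"):   # "~" sorts before anything
            if not a.startswith("~"):
                return 1
            if not b.startswith("~"):
                return -1
            a, b = a[1:], b[1:]
            continue
        if not a or not b:
            break
        numeric = "0" <= a[0] <= "9"
        pat = r"[0-9]+" if numeric else r"[A-Za-z]+"
        sa, mb = re.match(pat, a).group(), re.match(pat, b)
        if mb is None:                 # digit vs letter: numeric segment is newer
            return 1 if numeric else -1
        sb = mb.group()
        a, b = a[len(sa):], b[len(sb):]
        if numeric:                    # compare as integers: 10 > 4, not "10" < "4"
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    return (len(a) > 0) - (len(b) > 0)   # leftover segments make a string newer

def is_vulnerable(installed_vr, fixed_vr=FIXED_VR):
    """True if installed version-release sorts below the fixed one (same epoch assumed)."""
    (iv, ir), (fv, fr) = installed_vr.rsplit("-", 1), fixed_vr.rsplit("-", 1)
    return (rpmvercmp(iv, fv) or rpmvercmp(ir, fr)) < 0

def audit(rpm_lines):
    """Return affected package names still below the fixed build."""
    pkgs = (line.split() for line in rpm_lines if line.strip())
    return sorted(n for n, vr in pkgs if n in AFFECTED and is_vulnerable(vr))

# Constructed sample of: rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n'
SAMPLE = ["qemu-kvm-rhev 2.10.0-21.el7_5.3", "qemu-img-rhev 2.10.0-21.el7_5.10",
          "qemu-kvm-common-rhev 2.9.0-16.el7_4.14", "openssl 1.0.2k-12.el7"]

if __name__ == "__main__":
    print(audit(SAMPLE))
```

On a real host, feed `audit()` the output of the `rpm -qa` query shown in the comment; any name it returns still needs the update.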