CVE-2013-0241
Published: 30 January 2013
The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.
Notes
| Author | Note |
|---|---|
| mdeslaur | needs qemu-kvm patch (included in 1.0) http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=5ff4e36c oneiric and precise don't have spice enabled in the qemu-kvm build. This probably only has an impact in environments where a precise guest is running on a host with spice enabled, and recent enough to supports async io. Downgrading priority to low. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
xserver-xorg-video-qxl Launchpad, Ubuntu, Debian |
hardy |
Does not exist
|
| lucid |
Does not exist
|
|
| oneiric |
Released
(0.0.14-1ubuntu0.1)
|
|
| precise |
Released
(0.0.16-2ubuntu0.1)
|
|
| quantal |
Not vulnerable
(0.1.0-0ubuntu1)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: http://cgit.freedesktop.org/xorg/driver/xf86-video-qxl/commit/?id=30b4b72cdbdf9f0e92a8d1c4e01779f60f15a741 |
||