ID CVE-2013-0241
Summary The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.
References
Vulnerable Configurations
  • cpe:2.3:o:qxl_graphics_driver_project:xf86-video-qxl:0.1.0
  • Canonical Ubuntu Linux 12.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts
  • Canonical Ubuntu Linux 11.10
    cpe:2.3:o:canonical:ubuntu_linux:11.10
  • Red Hat Enterprise Linux Desktop 6.0
    cpe:2.3:o:redhat:enterprise_linux_desktop:6.0
  • Red Hat Enterprise Linux Server 6.0
    cpe:2.3:o:redhat:enterprise_linux_server:6.0
  • Red Hat Enterprise Linux Workstation 6.0
    cpe:2.3:o:redhat:enterprise_linux_workstation:6.0
CVSS
Base: 2.1 (as of 13-02-2013 - 10:35)
CWE CWE-399
CAPEC
Access
  • Vector: LOCAL
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: NONE
  • Integrity: NONE
  • Availability: PARTIAL
nessus via4
  • NASL family Scientific Linux Local Security Checks
    NASL id SL_20130131_XORG_X11_DRV_QXL_ON_SL6_X.NASL
    description A flaw was found in the way the host's qemu-kvm qxl driver and the guest's X.Org qxl driver interacted when a SPICE connection terminated. A user able to initiate a SPICE connection to a guest could use this flaw to make the guest temporarily unavailable or, potentially (if the sysctl kernel.softlockup_panic variable was set to '1' in the guest), crash the guest. (CVE-2013-0241) All running X.Org server instances using the qxl driver must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-12-31
    plugin id 64429
    published 2013-02-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64429
    title Scientific Linux Security Update : xorg-x11-drv-qxl on SL6.x i386/x86_64
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2013-0218.NASL
    description An updated xorg-x11-drv-qxl package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The xorg-x11-drv-qxl package provides an X11 video driver for the QEMU QXL video accelerator. This driver makes it possible to use Red Hat Enterprise Linux 6 as a guest operating system under the KVM kernel module and the QEMU multi-platform emulator, using the SPICE protocol. A flaw was found in the way the host's qemu-kvm qxl driver and the guest's X.Org qxl driver interacted when a SPICE connection terminated. A user able to initiate a SPICE connection to a guest could use this flaw to make the guest temporarily unavailable or, potentially (if the sysctl kernel.softlockup_panic variable was set to '1' in the guest), crash the guest. (CVE-2013-0241) All users of xorg-x11-drv-qxl are advised to upgrade to this updated package, which contains a backported patch to correct this issue. All running X.Org server instances using the qxl driver must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64392
    published 2013-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64392
    title RHEL 6 : xorg-x11-drv-qxl (RHSA-2013:0218)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2013-0218.NASL
    description An updated xorg-x11-drv-qxl package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The xorg-x11-drv-qxl package provides an X11 video driver for the QEMU QXL video accelerator. This driver makes it possible to use Red Hat Enterprise Linux 6 as a guest operating system under the KVM kernel module and the QEMU multi-platform emulator, using the SPICE protocol. A flaw was found in the way the host's qemu-kvm qxl driver and the guest's X.Org qxl driver interacted when a SPICE connection terminated. A user able to initiate a SPICE connection to a guest could use this flaw to make the guest temporarily unavailable or, potentially (if the sysctl kernel.softlockup_panic variable was set to '1' in the guest), crash the guest. (CVE-2013-0241) All users of xorg-x11-drv-qxl are advised to upgrade to this updated package, which contains a backported patch to correct this issue. All running X.Org server instances using the qxl driver must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 64385
    published 2013-02-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64385
    title CentOS 6 : xorg-x11-drv-qxl (CESA-2013:0218)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2013-0218.NASL
    description From Red Hat Security Advisory 2013:0218 : An updated xorg-x11-drv-qxl package that fixes one security issue is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section. The xorg-x11-drv-qxl package provides an X11 video driver for the QEMU QXL video accelerator. This driver makes it possible to use Red Hat Enterprise Linux 6 as a guest operating system under the KVM kernel module and the QEMU multi-platform emulator, using the SPICE protocol. A flaw was found in the way the host's qemu-kvm qxl driver and the guest's X.Org qxl driver interacted when a SPICE connection terminated. A user able to initiate a SPICE connection to a guest could use this flaw to make the guest temporarily unavailable or, potentially (if the sysctl kernel.softlockup_panic variable was set to '1' in the guest), crash the guest. (CVE-2013-0241) All users of xorg-x11-drv-qxl are advised to upgrade to this updated package, which contains a backported patch to correct this issue. All running X.Org server instances using the qxl driver must be restarted for this update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68722
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68722
    title Oracle Linux 6 : xorg-x11-drv-qxl (ELSA-2013-0218)
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-1714-1.NASL
    description It was discovered that the QXL graphics driver incorrectly handled terminated connections. An attacker that could connect to a guest using SPICE and the QXL graphics driver could cause the guest to hang or crash, resulting in a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 64481
    published 2013-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=64481
    title Ubuntu 11.10 / 12.04 LTS : xserver-xorg-video-qxl vulnerability (USN-1714-1)
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2013-138.NASL
    description Updated x11-driver-video-qxl package fixes security vulnerability : A flaw was found in the way the host's qemu-kvm qxl driver and the guest's X.Org qxl driver interacted when a SPICE connection terminated. A user able to initiate a SPICE connection to a guest could use this flaw to make the guest temporarily unavailable or, potentially (if the sysctl kernel.softlockup_panic variable was set to 1 in the guest), crash the guest (CVE-2013-0241).
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 66150
    published 2013-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=66150
    title Mandriva Linux Security Advisory : x11-driver-video-qxl (MDVSA-2013:138)
redhat via4
advisories
bugzilla
id 906032
title CVE-2013-0241 qxl: synchronous io guest DoS
oval
AND
  • comment xorg-x11-drv-qxl is earlier than 0:0.0.14-14.el6_3
    oval oval:com.redhat.rhsa:tst:20130218005
  • comment xorg-x11-drv-qxl is signed with Red Hat redhatrelease2 key
    oval oval:com.redhat.rhba:tst:20141376204
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
rhsa
id RHSA-2013:0218
released 2013-01-31
severity Moderate
title RHSA-2013:0218: xorg-x11-drv-qxl security update (Moderate)
rpms xorg-x11-drv-qxl-0:0.0.14-14.el6_3
refmap via4
confirm
mandriva MDVSA-2013:138
mlist
  • [oss-security] 20130130 CVE request -- qxl: synchronous io guest DoS
  • [oss-security] 20130130 Re: CVE request -- qxl: synchronous io guest DoS
secunia 52021
ubuntu USN-1714-1
xf qxl-virtual-spice-dos(81704)
Last major update 06-02-2014 - 23:44
Published 12-02-2013 - 20:55
Last modified 28-08-2017 - 21:33