ID CVE-2013-0241
Summary The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.
Per https://rhn.redhat.com/errata/RHSA-2013-0218.html Affected Products:
  • Red Hat Enterprise Linux Desktop (v. 6)
  • Red Hat Enterprise Linux Server (v. 6)
  • Red Hat Enterprise Linux Workstation (v. 6)
Per http://www.ubuntu.com/usn/USN-1714-1/ A security issue affects these releases of Ubuntu and its derivatives:
  • Ubuntu 12.04 LTS
  • Ubuntu 11.10
References
Vulnerable Configurations
  • cpe:2.3:o:qxl_graphics_driver_project:xf86-video-qxl:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:11.10:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:12.04:-:lts:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 29-08-2017 - 01:33)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
Vector LOCAL
Complexity LOW
Authentication NONE
Impact
Confidentiality NONE
Integrity NONE
Availability PARTIAL
cvss-vector via4 AV:L/AC:L/Au:N/C:N/I:N/A:P
redhat via4
advisories
bugzilla
id 906032
title CVE-2013-0241 qxl: synchronous io guest DoS
oval
AND
  • comment xorg-x11-drv-qxl is earlier than 0:0.0.14-14.el6_3
    oval oval:com.redhat.rhsa:tst:20130218005
  • comment xorg-x11-drv-qxl is signed with Red Hat redhatrelease2 key
    oval oval:com.redhat.rhba:tst:20141376204
  • OR
    • comment Red Hat Enterprise Linux 6 Client is installed
      oval oval:com.redhat.rhba:tst:20111656001
    • comment Red Hat Enterprise Linux 6 Server is installed
      oval oval:com.redhat.rhba:tst:20111656002
    • comment Red Hat Enterprise Linux 6 Workstation is installed
      oval oval:com.redhat.rhba:tst:20111656003
    • comment Red Hat Enterprise Linux 6 ComputeNode is installed
      oval oval:com.redhat.rhba:tst:20111656004
rhsa
id RHSA-2013:0218
released 2013-01-31
severity Moderate
title RHSA-2013:0218: xorg-x11-drv-qxl security update (Moderate)
rpms xorg-x11-drv-qxl-0:0.0.14-14.el6_3
refmap via4
confirm
mandriva MDVSA-2013:138
mlist
  • [oss-security] 20130130 CVE request -- qxl: synchronous io guest DoS
  • [oss-security] 20130130 Re: CVE request -- qxl: synchronous io guest DoS
secunia 52021
ubuntu USN-1714-1
xf qxl-virtual-spice-dos(81704)
Last major update 29-08-2017 - 01:33
Published 13-02-2013 - 01:55