oss-sec mailing list archives
Re: CVE request -- qxl: synchronous io guest DoS
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 30 Jan 2013 11:33:26 -0700
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 01/30/2013 09:37 AM, Petr Matousek wrote:
A flaw was found in the way spice connection breakups were handled in the qemu-kvm qxl driver. Some of the qxl port i/o commands were waiting for the spice server to complete the actions, while the corresponding thread holds qemu_mutex mutex, potentially blocking other threads in the guest's qemu-kvm process. An user able to initiate spice connection to the guest could use this flaw to make guest temporarily unavailable or, in case kernel.softlockup_panic in the guest was set, crash the guest. Upstream fixes: xf86-video-qxl commit http://cgit.freedesktop.org/xorg/driver/xf86-video-qxl/commit/?id=30b4b72cdbdf9f0e92a8d1c4e01779f60f15a741 which relies on qemu-kvm functionality introduced by commit http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=5ff4e36c References: https://bugzilla.redhat.com/show_bug.cgi?id=906032 Thanks,
Please use CVE-2013-0241 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRCWd1AAoJEBYNRVNeJnmTdz0QAJOFfHYG6T4iQY3hytnR0iV1 O2JyrYFVk/Jdrgz/+V7pPjhvxn6ukohhHkucYW6+4ZjPSu1ne62zNDEo1Mah0twf coPFOcBs4qGz5OQUZjhADWmdzS9RhZis/5jMfLeMJBPjFMrGRRcJtbYKfX7w5Vpn p7ajvCvJBCjOK0OIWWwuMjTU1Qv/MSrJSEx6Vla6hrb0L8eZQPYHcpPJNB3IhZ38 nWkcO+ZpgiaEKjIiNXBpuvLiCcTniDSY1AsEa8lTQc7uZP3WdHKDa+EeGiGlhDGP kTKGhrUvBoRmHPXFgh/kK8+1qOnOkk1PUuVsdxBgmli0TtblX6SOKyzZEf9SUPds W4auVltGqkS+qSufmV9OfM2ozWZIQOZMo/9/HwYjn5lxywsXxcBJJqNPIlmWuyLO 6B66lM/WZeNAIRMvt+1HYiZTImH9PHzVlf9gA5LRIR4eHnb7/ABhsUac9M/AC6uR q+ojKxKeEvyZNrSBIPyAzVF4A0wzbnxliB+Urql6yUty4Xc5HJMbcMRIDrgMl2sb 8xJiCT6csQzvcvyU9VUAg4aAhJHsgJLe7m/CdIRUqf2YaMei72JVTbeHqB7pvRtV xugO+ZnxtCbVMn4yFKIcFsyQxKjZkZRXMcWEbA2SDd3bWu7ElkMhPSc57MYmhyY9 iuJppjvtcQtYepRgFFS6 =kABX -----END PGP SIGNATURE-----
Current thread:
- CVE request -- qxl: synchronous io guest DoS Petr Matousek (Jan 30)
- Re: CVE request -- qxl: synchronous io guest DoS Kurt Seifried (Jan 30)