CVE-2013-0241 — Graphics Driver Project Xf86-video-qxl vulnerability

CWE-3997 documents7 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 81.78%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Debian Xserver-xorg-video-qxl Canonical Ubuntu Linux QXL Graphics Driver Project Xf86-video-qxl +3 more

Timeline

PublishedFeb 13

Latest updateMay 5

Description

The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages5 packages

▶NVDqxl_graphics_driver_project/xf86-video-qxl0.1.0

▶debiandebian/xserver-xorg-video-qxl< xserver-xorg-video-qxl 0.0.17-1 (bookworm)

▶NVDredhat/enterprise_linux_server6.0

▶NVDredhat/enterprise_linux_desktop6.0

▶NVDredhat/enterprise_linux_workstation6.0

Also affects: Ubuntu Linux 11.10, 12.04

🔴Vulnerability Details

GHSA

GHSA-6x5v-pqrf-rh9v: The QXL display driver in QXL Virtual GPU 0↗2022-05-05

▶

OSV

CVE-2013-0241: The QXL display driver in QXL Virtual GPU 0↗2013-02-13

▶

📋Vendor Advisories

Ubuntu

QXL graphics driver vulnerability↗2013-02-05

▶

Debian

CVE-2013-0241: xserver-xorg-video-qxl - The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a de...↗2013

▶

Red Hat

qxl: synchronous io guest DoS↗2011-08-03

▶

💬Community

Bugzilla

CVE-2013-0241 qxl: synchronous io guest DoS↗2013-01-30

▶