CVE-2013-7336

9 documents, 8 sources

Severity: 1.9 LOW
EPSS: 0.1% (top 79.19%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: May 7
Latest update: May 14

Description

The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.

CVSS vector

AV:L/AC:M/C:N/I:N/A:P
Exploitability: 3.4 | Impact: 2.9

Affected Packages (3 packages)

Debian: libvirt < 1.1.4-1+3
NVD: redhat/libvirt 1.1.2+15

Patches

🔴 Vulnerability Details (3)

GHSA: GHSA-xjqc-jjx2-53jr: The qemuMigrationWaitForSpice function in qemu/qemu_migration (2022-05-14)
OSV: CVE-2013-7336: The qemuMigrationWaitForSpice function in qemu/qemu_migration (2014-05-07)
CVEList: CVE-2013-7336: The qemuMigrationWaitForSpice function in qemu/qemu_migration (2014-05-07)

📋 Vendor Advisories (3)

Ubuntu: libvirt vulnerabilities (2014-05-07)
Red Hat: libvirt: unprivileged user can crash libvirtd during spice migration (2013-09-19)
Debian: CVE-2013-7336: libvirt - The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt befor... (2013)

💬 Community (2)

Bugzilla: CVE-2013-7336 libvirt: unprivileged user can crash libvirtd during spice migration (2014-03-18)
Bugzilla: CVE-2013-7336 libvirtd crashes during established spice session migration. [rhel-6.5] (2013-09-19)