CVE-2013-7336
published 2014-05-07CVE-2013-7336: The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE…
low1.9CVSS 3.1
AVLACMAuNCNINAP
The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.
Affected
22 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | libvirt | < libvirt 1.1.4-1 (bookworm) | libvirt 1.1.4-1 (bookworm) |
| opensuse | opensuse | — | — |
| redhat | libvirt | <= 1.1.2 | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | — | — |
| redhat | libvirt | >= 0 < 1.1.4-1 | 1.1.4-1 |
| redhat | libvirt | >= 0 < 1.1.4-1 | 1.1.4-1 |
| redhat | libvirt | >= 0 < 1.1.4-1 | 1.1.4-1 |
| redhat | libvirt | >= 0 < 1.1.4-1 | 1.1.4-1 |
CVSS provenance
nvd1.9LOWAV:L/AC:M/Au:N/C:N/I:N/A:P
osv1.9LOW