CVE-2013-7336

Publication date 7 May 2014

Last updated 24 July 2024

Ubuntu priority

The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
libvirt	14.04 LTS trusty	Not affected
	13.10 saucy	Fixed 1.1.1-0ubuntu8.11
	12.10 quantal	Not affected
	12.04 LTS precise	Not affected
	10.04 LTS lucid	Not affected

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
libvirt	Upstream: http://libvirt.org/git/?p=libvirt.git;a=commit;h=fea2550974137918c2bc9e01f3eb00421585450c

References

Related Ubuntu Security Notices (USN)

USN-2209-1
libvirt vulnerabilities
7 May 2014

CVE-2013-7336

Status

Patch details

References

Related Ubuntu Security Notices (USN)

Other references