From $URL : A flaw was found in the way spice connection breakups were handled in the qemu-kvm qxl driver. Some of the qxl port i/o commands were waiting for the spice server to complete the actions, while the corresponding thread holds qemu_mutex mutex, potentially blocking other threads in the guest's qemu-kvm process. An user able to initiate spice connection to the guest could use this flaw to make guest temporarily unavailable or, in case kernel.softlockup_panic in the guest was set, crash the guest. Upstream fixes: xf86-video-qxl commit http://cgit.freedesktop.org/xorg/driver/xf86-video-qxl/commit/?id=30b4b72cdbdf9f0e92a8d1c4e01779f60f15a741 which relies on qemu-kvm functionality introduced by commit http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=5ff4e36c References: https://bugzilla.redhat.com/show_bug.cgi?id=906032
CVE-2013-0241 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2013-0241): The QXL display driver in QXL Virtual GPU 0.1.0 allows local users to cause a denial of service (guest crash or hang) via a SPICE connection that prevents other threads from obtaining the qemu_mutex mutex. NOTE: some of these details are obtained from third party information.
Fix is linked at https://bugzilla.redhat.com/show_bug.cgi?id=906032 but it is unclear if this fixes all scenarios.
Please CC arches if you move the whiteboard to [stable], if you want us to request the stable please say as much and mark it as [stable?]. Arches, please test and stabilize: =x11-drivers/xf86-video-qxl-0.1.1 Target arches: amd64 x86
amd64 stable
x86 stable. Maintainer(s), please cleanup. Security, please vote.
Vulnerable versions have been removed from the tree.
Thanks for your work. GLSA vote: no
GLSA vote: no, closing noglsa.
