Unrated severityNVD Advisory· Published May 7, 2014· Updated May 6, 2026
CVE-2013-7336
CVE-2013-7336
Description
The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.
Affected products
17cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:redhat:libvirt:*:*:*:*:*:*:*:*range: <=1.1.2
- cpe:2.3:a:redhat:libvirt:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.5.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:redhat:libvirt:1.1.1:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
8- www.openwall.com/lists/oss-security/2014/03/18/3nvdPatch
- libvirt.org/git/nvd
- libvirt.org/news.htmlnvd
- lists.opensuse.org/opensuse-updates/2014-05/msg00004.htmlnvd
- secunia.com/advisories/60895nvd
- security.gentoo.org/glsa/glsa-201412-04.xmlnvd
- www.openwall.com/lists/oss-security/2014/03/18/1nvd
- bugzilla.redhat.com/show_bug.cginvd
News mentions
0No linked articles in our index yet.