CVE-2013-7336

The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a denial of service (NULL pointer dereference and libvirtd crash) by causing domblkstat to be called at the same time as the qemuMonitorGetSpiceMigrationStatus function.

Published: May 7, 2014
Updated: Apr 13, 2023
CVE: CVE-2013-7336
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 1.9
AV:L/AC:M/Au:N/C:N/I:N/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
redhat / libvirt	1.0.5.4	1.0.5.4.x
redhat / libvirt	1.0.5.3	1.0.5.3.x
redhat / libvirt	1.0.5	1.0.5.x
redhat / libvirt	1.0.5.6	1.0.5.6.x
redhat / libvirt	1.0.4	1.0.4.x
redhat / libvirt	1.0.1	1.0.1.x
redhat / libvirt	1.0.6	1.0.6.x
redhat / libvirt	1.0.2	1.0.2.x
redhat / libvirt	1.1.1	1.1.1.x
redhat / libvirt	1.0.5.1	1.0.5.1.x
redhat / libvirt	1.0.5.2	1.0.5.2.x
redhat / libvirt	1.0.3	1.0.3.x
redhat / libvirt	1.0.5.5	1.0.5.5.x
redhat / libvirt	-	1.1.2.x
redhat / libvirt	1.0.0	1.0.0.x
redhat / libvirt	1.1.0	1.1.0.x
opensuse / opensuse	13.1	13.1.x

Vulnerability Database

289,599

CVE-2013-7336