Bugzilla – Full Text Bug Listing
|Summary:|VUL-0: CVE-2013-0241: xf86-video-qxl: synchronous io guest DoS|
|Product:|[Novell Products] SUSE Security Incidents|Reporter:|Marcus Meissner <meissner>|
|Component:|Incidents|Assignee:|Stefan Dirsch <sndirsch>|
|Status:|RESOLVED INVALID|QA Contact:|Security Team bot <security-team>|
|Priority:|P3 - Medium|CC:|agraf, brogers, meissner, security-team|
|Found By:|---|Services Priority:||
|Marketing QA Status:|---|IT Deployment:|---|
Description Marcus Meissner 2013-02-11 15:26:37 UTC
is public, via oss-security

CVE-2013-0241

On 01/30/2013 09:37 AM, Petr Matousek wrote:
> A flaw was found in the way spice connection breakups were handled in
> the qemu-kvm qxl driver. Some of the qxl port i/o commands were waiting
> for the spice server to complete the actions, while the corresponding
> thread holds qemu_mutex mutex, potentially blocking other threads in the
> guest's qemu-kvm process. A user able to initiate spice connection to
> the guest could use this flaw to make guest temporarily unavailable or,
> in case kernel.softlockup_panic in the guest was set, crash the guest.
>
> Upstream fixes:
> xf86-video-qxl commit
> http://cgit.freedesktop.org/xorg/driver/xf86-video-qxl/commit/?id=30b4b72cdbdf9f0e92a8d1c4e01779f60f15a741
>
> which relies on qemu-kvm functionality introduced by commit
> http://git.kernel.org/?p=virt/kvm/qemu-kvm.git;a=commit;h=5ff4e36c
>
> References:
> https://bugzilla.redhat.com/show_bug.cgi?id=906032
>
> Thanks,

Please use CVE-2013-0241 for this issue.
Comment 1 Stefan Dirsch 2013-02-11 15:50:31 UTC
Seems we are shipping xf86-video-qxl X driver since openSUSE 12.1. I never got it working with qemu-kvm though.
Comment 2 Swamp Workflow Management 2013-02-11 23:00:24 UTC
bugbot adjusting priority
Comment 3 Marcus Meissner 2013-02-12 08:48:38 UTC
if it's not working at all, or if we do not have synchronous io to qemu-kvm?

who can we ask? qemu folks?
Comment 4 Stefan Dirsch 2013-02-13 15:19:35 UTC
(In reply to comment #3)
> if it's not working at all, or if we do not have synchronous io to qemu-kvm?
>
> who can we ask? qemu folks?

Last time I tried it did not work. This is some time ago though. It has been a hackweek project to get this running and I failed miserably. I wrote my results in some FATE request about QXL support. I can't find it any longer.
Comment 5 Stefan Dirsch 2013-03-08 14:52:04 UTC
I believe figuring out whether QXL works is much more effort than just doing the security update. Also there shouldn't be that many products on which we already ship the xf86-video-qxl driver.
Comment 6 Marcus Meissner 2013-03-08 15:53:18 UTC
yes, either just throw the patch in and submit or we could just ignore this bug if it does not work at all for now
Comment 7 Stefan Dirsch 2013-03-09 13:04:25 UTC
SLE doesn't ship xf86-video-qxl. openSUSE does.

12.1: xorg-x11-driver-video (xf86-video-qxl-0.0.13: affected)
12.2: xf86-video-qxl (0.0.17: contains the fix)
12.3: xf86-video-qxl (0.1.0: contains the fix)
Factory/X11:XOrg: xf86-video-qxl (0.1.0: contains the fix)

==> Only openSUSE 12.1 needs to get fixed
Comment 8 Stefan Dirsch 2013-03-26 16:59:51 UTC
Well, the patch introduces wrappers around ioport_write() calls, but there is no ioport_write() yet defined in xf86-video-qxl 0.0.13 of openSUSE 12.1. Instead outb() is used in this version. Later ioport_write() has been introduced in xf86-video-qxl, but it requires the definition of XSPICE. If not, outb() is used. And we do not build nor ship spice devel packages with openSUSE 12.1.

Maybe this is becoming a non-issue with this in mind? Do you agree?
Comment 9 Marcus Meissner 2013-03-27 10:02:00 UTC
it seems so. let's put the issue at rest.
Comment 10 Stefan Dirsch 2013-03-27 10:41:06 UTC