Bugzilla – Bug 803102
VUL-0: CVE-2013-0241: xf86-video-qxl: synchronous io guest DoS
Last modified: 2013-03-27 10:41:06 UTC
is public, via oss-security
On 01/30/2013 09:37 AM, Petr Matousek wrote:
> A flaw was found in the way spice connection breakups were handled in
> the qemu-kvm qxl driver. Some of the qxl port i/o commands were waiting
> for the spice server to complete the actions, while the corresponding
> thread holds qemu_mutex mutex, potentially blocking other threads in the
> guest's qemu-kvm process. A user able to initiate spice connection to
> the guest could use this flaw to make guest temporarily unavailable or,
> in case kernel.softlockup_panic in the guest was set, crash the guest.
> Upstream fixes:
> xf86-video-qxl commit
> which relies on qemu-kvm functionality introduced by commit
Please use CVE-2013-0241 for this issue.
Seems we are shipping xf86-video-qxl X driver since openSUSE 12.1. I never got it working with qemu-kvm though.
bugbot adjusting priority
if it's not working at all, or if we do not have synchronous io to qemu-kvm?
who can we ask? qemu folks?
(In reply to comment #3)
> if it's not working at all, or if we do not have synchronous io to qemu-kvm?
> who can we ask? qemu folks?
Last time I tried it did not work. This is some time ago though. It has been a hackweek project to get this running and I failed miserably. I wrote my results in some FATE request about QXL support. I can't find it any longer.
I believe figuring out whether QXL works is much more effort than just doing the security update. Also there shouldn't be that many products on which we already ship the xf86-video-qxl driver.
yes, either just throw the patch in and submit or we could just ignore this bug if it does not work at all for now
SLE doesn't ship xf86-video-qxl. openSUSE does.
12.1: xorg-x11-driver-video (xf86-video-qxl-0.0.13: affected)
12.2: xf86-video-qxl (0.0.17: contains the fix)
12.3: xf86-video-qxl (0.1.0: contains the fix)
Factory/X11:XOrg: xf86-video-qxl (0.1.0: contains the fix)
==> Only openSUSE 12.1 needs to get fixed
Well, the patch introduces wrappers around ioport_write() calls, but there is no ioport_write() yet defined in xf86-video-qxl 0.0.13 of openSUSE 12.1. Instead outb() is used in this version.
Later ioport_write() has been introduced in xf86-video-qxl, but it requires the definition of XSPICE. If not, outb() is used. And we do not build nor ship spice devel packages with openSUSE 12.1.
Maybe this is becoming a non-issue with this in mind? Do you agree?
it seems so. let's put the issue at rest.