CVE-2015-5260

moderate-risk
Published 2016-06-07

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

Do I need to act?

-
0.24% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10 High
LOCAL / LOW complexity

Affected Products (16)

Spice

Affected Vendors

Debian Canonical Spice Project Redhat

References (20)

http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html
http://rhn.redhat.com/errata/RHSA-2015-1889.html
http://rhn.redhat.com/errata/RHSA-2015-1890.html
http://www.debian.org/security/2015/dsa-3371
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.h...
http://www.securityfocus.com/bid/77019
http://www.securitytracker.com/id/1033753
http://www.ubuntu.com/usn/USN-2766-1
https://bugzilla.redhat.com/show_bug.cgi?id=1260822
https://security.gentoo.org/glsa/201606-05
http://lists.freedesktop.org/archives/spice-devel/2015-October/022191.html
http://rhn.redhat.com/errata/RHSA-2015-1889.html
http://rhn.redhat.com/errata/RHSA-2015-1890.html
http://www.debian.org/security/2015/dsa-3371
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.h...
http://www.securityfocus.com/bid/77019
http://www.securitytracker.com/id/1033753
http://www.ubuntu.com/usn/USN-2766-1
https://bugzilla.redhat.com/show_bug.cgi?id=1260822
https://security.gentoo.org/glsa/201606-05
43
/ 100
moderate-risk
Severity 24/34 · High
Exploitability 1/34 · Minimal
Exposure 18/34 · Moderate