CVSS2
Attack Vector
LOCAL
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C
EPSS
Percentile
20.8%
libspice, as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 and qspice 0.3.0, does not properly restrict the addresses upon which memory-management actions are performed, which allows guest OS users to cause a denial of service (guest OS crash) or possibly gain privileges via unspecified vectors.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | spice | < 0.15.1-1 | spice_0.15.1-1_all.deb |
Debian | 11 | all | spice | < 0.14.3-2.1 | spice_0.14.3-2.1_all.deb |
Debian | 999 | all | spice | < 0.15.2-1 | spice_0.15.2-1_all.deb |
Debian | 13 | all | spice | < 0.15.2-1 | spice_0.15.2-1_all.deb |