6.9 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:N/C:C/I:C/A:C
0.009 Low
EPSS
Percentile
82.5%
Race condition in the worker_update_monitors_config function in SPICE 0.12.4 allows a remote authenticated guest user to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via unspecified vectors.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | spice | < 0.12.5-1.2 | spice_0.12.5-1.2_all.deb |
Debian | 11 | all | spice | < 0.12.5-1.2 | spice_0.12.5-1.2_all.deb |
Debian | 10 | all | spice | < 0.12.5-1.2 | spice_0.12.5-1.2_all.deb |
Debian | 999 | all | spice | < 0.12.5-1.2 | spice_0.12.5-1.2_all.deb |
Debian | 13 | all | spice | < 0.12.5-1.2 | spice_0.12.5-1.2_all.deb |