Security Bulletin: Vulnerability in spice affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-5261, CVE-2015-5260)

Summary

Vulnerability spice affects IBM SmartCloud Provisioning for IBM Software Virtual Appliance (CVE-2015-5261, CVE-2015-5260).

Vulnerability Details

CVEID: CVE-2015-5261 DESCRIPTION: Red Hat spice is vulnerable to a heap-based buffer overflow. By sending specially crafted QXL command, a local attacker could overflow a buffer and execute arbitrary code on the system with elevated privileges or cause the application to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106978 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

CVEID: CVE-2015-5260 DESCRIPTION: Red Hat spice is vulnerable to a heap-based buffer overflow, caused by improper bounds checking when handling certain QXL commands related to the “surface_id” parameter. By sending an overly long QXL command, a local attacker could overflow a buffer and execute arbitrary code on the system or cause the QEMU-KVM process on the host system to crash.
CVSS Base Score: 5.9
CVSS Temporal Score: See https://exchange.xforce.ibmcloud.com/vulnerabilities/106977 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Affected Products and Versions

IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance

Remediation/Fixes

If you are running IBM SmartCloud Provisioning 2.1 for IBM Software Virtual Appliance, contact IBM support.