Lucene search

K

[email protected]NVD:CVE-2015-5260

HistoryJun 07, 2016 - 2:06 p.m.

CVE-2015-5260

2016-06-0714:06:06

CWE-119

[email protected]

web.nvd.nist.gov

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.6%

Heap-based buffer overflow in SPICE before 0.12.6 allows guest OS users to cause a denial of service (heap-based memory corruption and QEMU-KVM crash) or possibly execute arbitrary code on the host via QXL commands related to the surface_id parameter.

Affected configurations

NVD

Node

redhatenterprise_linux_desktopMatch6.0

OR

redhatenterprise_linux_hpc_nodeMatch6.0

OR

redhatenterprise_linux_serverMatch6.0

OR

redhatenterprise_linux_server_eusMatch6.7.z

OR

redhatenterprise_linux_workstationMatch6.0

Node

debiandebian_linuxMatch7.0

OR

debiandebian_linuxMatch8.0

Node

canonicalubuntu_linuxMatch14.04lts

OR

canonicalubuntu_linuxMatch15.04

Node

spice_projectspiceRange≤0.12.5

Node

redhatenterprise_linux_desktopMatch7.0

OR

redhatenterprise_linux_hpc_nodeMatch7.0

OR

redhatenterprise_linux_hpc_node_eusMatch7.1

OR

redhatenterprise_linux_serverMatch7.0

OR

redhatenterprise_linux_server_eusMatch7.1

OR

redhatenterprise_linux_workstationMatch7.0

References

lists.freedesktop.org/archives/spice-devel/2015-October/022191.html

rhn.redhat.com/errata/RHSA-2015-1889.html

rhn.redhat.com/errata/RHSA-2015-1890.html

www.debian.org/security/2015/dsa-3371

www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html

www.securityfocus.com/bid/77019

www.securitytracker.com/id/1033753

www.ubuntu.com/usn/USN-2766-1

bugzilla.redhat.com/show_bug.cgi?id=1260822

security.gentoo.org/glsa/201606-05

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

34.6%

Related for NVD:CVE-2015-5260

debiancve1 cvelist1 veracode2 prion1 cve1 ubuntucve1 openvas18 mageia1 redhat2 nessus17 securityvulns2 ibm1 oraclelinux2 centos2 debian2 ubuntu1 fedora10 archlinux1 gentoo1