8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
0.0005 Low
EPSS
Percentile
17.1%
A flaw was found in spice-server in Redhat’s VDI product that can restart KVMvirtual machine without any authorization. A handshake is required before spice-server and spice-client can establish communication, and spice-client will send a request containing information that the server needs. This TCP request requires only host and port; A malformed TCP packet causes the vm to crash and the QEMu-KVM process to be restarted.
Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.