Advisory ROSA-SA-2021-1974

2021-07-02 18:08:32
ROSA LAB
abf.rosalinux.ru

CVSS3: 7.8 High
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

AI Score: 6.3 Medium
Confidence: High

CVSS2: 5.4 Medium
Vector: AV:L/AC:M/Au:N/C:P/I:N/A:C
Access Vector: LOCAL
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: COMPLETE

EPSS: 0.001 Low
Percentile: 22.2%

Software: spice-vdagent 0.14.0
OS: Cobalt 7.9

CVE-ID: CVE-2017-15108
CVE-Crit: HIGH
CVE-DESC: spice-vdagent up to 0.17.0 does not properly escape the save directory before passing it to the shell, allowing an attacker with access to the session running the agent to inject arbitrary commands to execute.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-25653
CVE-Crit: MEDIUM
CVE-DESC: A race condition vulnerability was discovered in the way the spice-vdagentd daemon handles new client connections. This flaw could allow an unprivileged local guest user to become the active agent for spice-vdagentd, which could lead to denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent version 0.20 and earlier.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-25652
CVE-Crit: MEDIUM
CVE-DESC: A defect was found in the spice-vdagentd daemon, where it does not properly handle client connections that can be established over a UNIX domain socket in /run/spice-vdagentd/spice-vdagent-sock. Any unprivileged local guest user could exploit this flaw to prevent a legitimate agent from connecting to the spice-vdagentd daemon, resulting in a denial of service. The biggest threat from this vulnerability is to system availability. This flaw affects spice-vdagent version 0.20 and earlier.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-25651
CVE-Crit: MEDIUM
CVE-DESC: A defect was detected in the SPICE file transfer protocol. File data from the host system may end up in whole or in part in the client connection of an illegitimate local user in the VM system. Active file transfers from other users could also be interrupted, resulting in a denial of service. The highest threat from this vulnerability is to data confidentiality as well as system availability. This flaw affects spice-vdagent version 0.20 and earlier.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2020-25650
CVE-Crit: MEDIUM
CVE-DESC: A defect was found in the way the spice-vdagentd daemon handled file transfers from the host system to the virtual machine. Any unprivileged local guest user with access to the UNIX domain socket path /run/spice-vdagentd/spice-vdagent-sock could exploit this flaw to perform a memory denial of service for spice-vdagentd or even other processes on the VM system. The biggest threat from this vulnerability is to system availability. This flaw affects spice-vdagent version 0.20 and previous versions.
CVE-STATUS: default
CVE-REV: default
