7.4 High
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:A/AC:M/Au:S/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
20.8%
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization
Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly
other products, allows guest OS users to read from or write to arbitrary
QEMU memory by modifying the address that is used by Cairo for memory
mappings.
Author | Note |
---|---|
mdeslaur | pre-dates spice package in Debian/Ubuntu |