6.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C
The Simple Protocol for Independent Computing Environments (SPICE) is vulnerable to Denial Of Service (DoS). It was found that the libspice component of QEMU-KVM on the host did not validate all pointers provided from a guest system’s QXL graphics card driver. A privileged guest user could use this flaw to cause the host to dereference an invalid pointer, causing the guest to crash (denial of service) or, possibly, resulting in the privileged guest user escalating their privileges on the host.
CPE | Name | Operator | Version |
---|---|---|---|
qspice | eq | 0.3.0__39.el5 | |
qspice | eq | 0.3.0__39.el5_4.3 | |
qspice | eq | 0.3.0__39.el5 | |
qspice | eq | 0.3.0__39.el5_4.3 |