Lucene search

Veracode Vulnerability DatabaseVERACODE:24149

HistoryApr 10, 2020 - 12:47 a.m.

Denial Of Service (DoS)

2020-04-1000:47:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

JSON

The Simple Protocol for Independent Computing Environments (SPICE) is vulnerable to Denial Of Service (DoS). It was found that the libspice component of QEMU-KVM on the host could be forced to perform certain memory management operations on memory addresses controlled by a guest. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host.

CPENameOperatorVersion
qspiceeq0.3.0__39.el5
qspiceeq0.3.0__39.el5_4.3
qspiceeq0.3.0__39.el5
qspiceeq0.3.0__39.el5_4.3

Name	Operator	Version
qspice	eq	0.3.0__39.el5
qspice	eq	0.3.0__39.el5_4.3
qspice	eq	0.3.0__39.el5
qspice	eq	0.3.0__39.el5_4.3

References

www.redhat.com/security/updates/classification/#important

access.redhat.com/errata/RHSA-2010:0633

bugzilla.redhat.com/show_bug.cgi?id=568701

rhn.redhat.com/errata/RHSA-2010-0622.html

rhn.redhat.com/errata/RHSA-2010-0633.html

6.6 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:S/C:C/I:C/A:C

JSON

Related for VERACODE:24149