6.6 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:M/Au:S/C:C/I:C/A:C
The Simple Protocol for Independent Computing Environments (SPICE) is vulnerable to Denial Of Service (DoS). It was found that the libspice component of QEMU-KVM on the host could be forced to perform certain memory management operations on memory addresses controlled by a guest. A privileged guest user could use this flaw to crash the guest (denial of service) or, possibly, escalate their privileges on the host.
CPE | Name | Operator | Version |
---|---|---|---|
qspice | eq | 0.3.0__39.el5 | |
qspice | eq | 0.3.0__39.el5_4.3 | |
qspice | eq | 0.3.0__39.el5 | |
qspice | eq | 0.3.0__39.el5_4.3 |