CVE-2010-0429

Name of the Vulnerable Software and Affected Versions libspice versions as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2 qspice version 0.3.0

Description The issue is related to the improper restriction of addresses for memory-management actions, which can be exploited by guest OS users. This can lead to a denial of service, causing the guest OS to crash, or potentially allow users to gain privileges via unspecified vectors.

Recommendations For libspice as used in QEMU-KVM in the Hypervisor (aka rhev-hypervisor) in Red Hat Enterprise Virtualization (RHEV) 2.2, consider restricting memory-management actions to authorized addresses until a patch is available. For qspice version 0.3.0, restrict access to memory-management functions to prevent potential exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.