PT-2015-6123 · Red Hat+5 · Spice+6

Frediano Ziglio

Published

2014-05-21

Updated

2024-06-15

CVE-2015-3247

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions SPICE version 0.12.4

Description A race condition in the worker update monitors config function allows a remote authenticated guest user to cause a denial of service, resulting in heap-based memory corruption and QEMU-KVM crash, or possibly execute arbitrary code on the host.

Recommendations For SPICE version 0.12.4, consider disabling the worker update monitors config function as a temporary workaround until a patch is available. Restrict access to the QEMU-KVM process to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Buffer Overflow

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-362

Related Identifiers

ALT-PU-2014-1677

CESA-2015_1714

CESA-2015_1715

CVE-2015-3247

DSA-3354-1

MGASA-2015-0373

OPENSUSE-SU-2024:10393-1

RHSA-2015:1713

RHSA-2015:1714

RHSA-2015:1715

RHSA-2015_1714

RHSA-2015_1715

SUSE-SU-2015:1733-1

SUSE-SU-2015_1733-1

SUSE-SU-2016:1259-1

SUSE-SU-2016_1259-1

USN-2736-1

Affected Products

Alt Linux

Centos

Qemu-Kvm

Red Hat

Spice

Suse

Ubuntu

PT-2015-6123 · Red Hat+5 · Spice+6

CVE-2015-3247

Weakness Enumeration

Related Identifiers

Affected Products

References · 64