CVE-2020-25653

CVSS v3.1

6.4

Medium

Vector

AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:L

Name of the Vulnerable Software and Affected Versions spice-vdagent versions 0.20 and prior

Description A race condition vulnerability was found in the way the spice-vdagentd daemon handled new client connections. This flaw may allow an unprivileged local guest user to become the active agent for spice-vdagentd, possibly resulting in a denial of service or information leakage from the host. The highest threat from this vulnerability is to data confidentiality as well as system availability.

Recommendations For spice-vdagent versions 0.20 and prior, consider disabling the spice-vdagentd daemon until a patch is available to prevent potential denial of service or information leakage. Restrict access to the spice-vdagentd daemon to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

DoS

Race Condition

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-362

Related Identifiers

ALSA-2021:1791

ALT-PU-2021-1106

ALT-PU-2021-1155

ALT-PU-2023-1838

AZL-7365

CESA-2021_1791

CVE-2020-25653

DLA-2524-1

MGASA-2020-0474

OESA-2021-1081

OPENSUSE-SU-2021:2614-1

OPENSUSE-SU-2021_2614-1

RHSA-2021:1791

RHSA-2021_1791

RLSA-2021:1791

SUSE-SU-2020:3268-1

SUSE-SU-2021:2614-1

SUSE-SU-2021:2766-1

SUSE-SU-2021:2803-1

USN-4617-1

Affected Products

Alt Linux

Almalinux

Centos

Linuxmint

Red Hat

Rocky Linux

Suse

Ubuntu

Spice-Vdagent

CVE-2020-25653

Weakness Enumeration

Related Identifiers

Affected Products

References · 63