CVE-2016-2150

Опубликовано: 06 июн. 2016

Источник: redhat

CVSS2: 4.3

EPSS Низкий

Описание

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

A memory access flaw was found in the way spice handled certain guests using crafted primary surface parameters. A user in a guest could use this flaw to read from and write to arbitrary memory locations on the host.

Ссылки на источники

Дополнительная информация

Статус:

Important

https://bugzilla.redhat.com/show_bug.cgi?id=1313496spice: Host memory access from guest with invalid primary surface parameters

EPSS

Процентиль: 23%

0.00073

Низкий

4.3 Medium

CVSS2

Связанные уязвимости

CVE-2016-2150

CVSS3: 7.1

ubuntu

около 9 лет назад

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

CVE-2016-2150

CVSS3: 7.1

nvd

около 9 лет назад

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

CVE-2016-2150

CVSS3: 7.1

debian

около 9 лет назад

SPICE allows local guest OS users to read from or write to arbitrary h ...

GHSA-xcwp-848r-pq94

CVSS3: 7.1

github

больше 3 лет назад

SPICE allows local guest OS users to read from or write to arbitrary host memory locations via crafted primary surface parameters, a similar issue to CVE-2015-5261.

openSUSE-SU-2016:1726-1

suse-cvrf

около 9 лет назад

Security update for spice

EPSS

Процентиль: 23%

0.00073

Низкий

4.3 Medium

CVSS2